Home page logo
/

361 messages starting May 24 05 and ending May 25 05
Date index | Thread index | Author index

ACROS Security

ACROS Security: HTML Injection in BEA WebLogic Server Console (2) ACROS Security (May 24)
ACROS Security: HTML Injection in BEA WebLogic Server Console (1) ACROS Security (May 24)
RE: ACROS Security: HTML Injection in BEA WebLogic Server Console (2) ACROS Security (May 27)

admin

JGS-Portal 3.0.1 SQL-Injection admin (May 02)

albatross

NISCC Vulnerability Advisory IPSEC - 004033 albatross (May 09)

Alberto Trivero

Multiple vulnerabilities in myBloggie 2.1.1 Alberto Trivero (May 05)
SQL Injection Exploit for myBloggie 2.1.1 - 2.1.2 Alberto Trivero (May 27)
Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 Alberto Trivero (May 31)

alert7

Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability alert7 (May 17)

alessandro

DSL-504T (and maybe many other) remote access without password bug alessandro (May 27)
504T and now also 604T remote access. alessandro (May 31)

Alexander Kornbrust

Oracle 9i / 10g Fine Grained Auditing Issue Alexander Kornbrust (May 05)
Oracle 10g DBMS_SCHEDULER SESSION_USER issue Alexander Kornbrust (May 05)

ali reza AcTiOnSpIdEr

Mac OS X - Adobe Version Cue local root exploit [c version exploit] ali reza AcTiOnSpIdEr (May 16)

a.list.address () gmail com

Re: Apache hacks (./atac, d0s.txt) a.list.address () gmail com (May 02)

Alok Menghrajani - Ilion Security SA

TCP/IP implementations do not adequately validate ICMP error messages Alok Menghrajani - Ilion Security SA (May 10)

Andrew Griffiths

Re: Linux kernel ELF core dump privilege elevation (kernel module workaround) Andrew Griffiths (May 12)

antoine

Re: Linux kernel ELF core dump privilege elevation antoine (May 12)

Anton Ivanov

Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks Anton Ivanov (May 12)

Arne Vidström

Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk Arne Vidström (May 11)
Re: Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk Arne Vidström (May 26)

August Christopher

MyBB 1.0 RC4 XSS Bug August Christopher (May 30)

Auston J

Meteor FTP Server v1.5 Buffer Overflow Auston J (May 23)

Bahaa Naamneh

UNICODE BUFFER OVERFLOW IN MS-WORD Bahaa Naamneh (May 19)
[UPDATE] UNICODE BUFFER OVERFLOW IN MS-WORD Bahaa Naamneh (May 20)

Bakchodiya

Security issue in Microsoft Outlook Bakchodiya (May 18)

Benjamin Tobias Franz

Microsoft Internet Explorer - Crash on adding sites to restricted zone (05/28/2005) Benjamin Tobias Franz (May 30)
Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005) Benjamin Tobias Franz (May 30)
Microsoft Internet Explorer - Crash on processing embedded files with endless loop (05/28/2005) Benjamin Tobias Franz (May 30)
Microsoft Internet Explorer - Crash on to many stack overflows (05/28/2005) Benjamin Tobias Franz (May 30)

Benton Lam

Re: Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005) Benton Lam (May 31)

Bernhard Mitterer

Re: Windows image size crash Bernhard Mitterer (May 14)

Boren, Rich (SSRT)

[security bulletin] SSRT4884 rev.0 - HP-UX TCP/IP Remote Denial of Service (DoS) Boren, Rich (SSRT) (May 26)
[security bulletin] SSRT5954 rev.1 - HP-UX TCP/IP Remote Denial of Service (DoS) Boren, Rich (SSRT) (May 26)
[security bulletin] SSRT5899 rev.0 - HP-UX trusted system remote unauthorized access Boren, Rich (SSRT) (May 26)

Braden Thomas

4d WebSTAR 5.x Web Server Mac OS X Buffer Overflow Braden Thomas (May 06)

Bruno Lustosa

Re: Linux kernel ELF core dump privilege elevation Bruno Lustosa (May 11)

bugs

Linux kernel pktcdvd ioctl break user space limit vulnerability [corrected] bugs (May 18)

CENSORED

SQL injections in PortailPHP CENSORED (May 23)
Multiple vulnerabilities in x-cart Gold CENSORED (May 30)

Cesar

[Argeniss] MS05-012 Exploit Cesar (May 31)

chris

Re: Linux kernel ELF core dump privilege elevation (kernel module workaround) chris (May 13)

Christophe Lucas

Re: Firefox Crash?? Christophe Lucas (May 12)

Chris Umphress

Re: Apache hacks (./atac, d0s.txt) Chris Umphress (May 02)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: FWSM URL Filtering Solution TCP ACL Bypass Vulnerability Cisco Systems Product Security Incident Response Team (May 11)

class

Microsoft WINS Vulnerability + OS/SP Scanner class (May 02)
BakBone NetVault last warning class (May 12)

Claus R. F. Overbeck

Pico Server (pServ) Local Information Disclosure Claus R. F. Overbeck (May 16)
Pico Server (pServ) Information Disclosure Of CGI Sources Claus R. F. Overbeck (May 16)
Pico Server (pServ) Remote Command Injection Claus R. F. Overbeck (May 16)

cmthemc

Re: Windows image size crash cmthemc (May 18)

codeQ

Re: Linux kernel ELF core dump privilege elevation codeQ (May 13)

Conectiva Updates

[CLA-2005:952] Conectiva Security Announcement - kernel Conectiva Updates (May 02)
[CLA-2005:953] Conectiva Security Announcement - kde Conectiva Updates (May 17)

contact

Announcement: The Web Security Mailing List contact (May 09)

cybertronic

dSMTP - SMTP Mail Server 3.1b Linux Remote Root Format String Exploit cybertronic (May 05)

Daniel Cid

Re: Apache hacks (./atac, d0s.txt) Daniel Cid (May 02)

Daniel Souza

Re: User32.dll Icon Size Crash Daniel Souza (May 27)

DarkBicho

multiple vulnerability Calendarix Advanced DarkBicho (May 31)

David Nichols

Re: SPAM-HIGH: TCP/IP implementations do not adequately validate ICMP error messages David Nichols (May 12)

David Remahl

Advisories for 4 vulnerabilities addressed by Apple SU 2005-005 David Remahl (May 05)
[DR018] Quartz Composer / QuickTime 7 information leakage David Remahl (May 12)

David Schwartz

RE: TCP/IP implementations do not adequately validate ICMP error messages David Schwartz (May 12)

dcrab

Multiple SQL injections and XSS in FishCart 3.1 dcrab (May 05)
Authentication bypass, sql injections and xss in ArticleLive 2005 dcrab (May 05)

dedi dwianto

Multiple Vulnerabilities in MetaCart e-Shop dedi dwianto (May 16)

deluxe

[SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05) deluxe (May 16)
Re: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05) deluxe (May 19)

Dennis Elser

PicoWebServer Remote Unicode Stack Overflow Dennis Elser (May 30)

Dim K0r0l

Meteor FTP Server: PoC Exploit Dim K0r0l (May 26)

Donato Ferrante

Multiple Vulnerabilities in Video Cam Server 1.0.0 Donato Ferrante (May 02)
directory traversal in SimpleCam 1.2 Donato Ferrante (May 05)

Ejovi Nuwere

[SecurityLab] Ethereal 0.10.10 SIP Dissector Overflow Ejovi Nuwere (May 09)

Exoduks

[hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart Exoduks (May 05)

Eyal Udassin

Citrix security contact Eyal Udassin (May 27)

farhad koosha

episodex guestbook security bypass & html injection farhad koosha (May 20)

Felix

MRO Maximo v4 & v5 Felix (May 05)

Filippo Spike Morelli

Gforge - viewFile.php security flaw Filippo Spike Morelli (May 24)

Francesco Orro

D-Link DSL routers authentication bypass Francesco Orro (May 19)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-05:06.iir FreeBSD Security Advisories (May 06)
FreeBSD Security Advisory FreeBSD-SA-05:07.ldt FreeBSD Security Advisories (May 06)
FreeBSD Security Advisory FreeBSD-SA-05:08.kmem FreeBSD Security Advisories (May 06)
FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED] FreeBSD Security Advisories (May 13)

Gadi Evron

Wide-scale industrial espionage using Trojan horses in Israel Gadi Evron (May 31)

Gary O'leary-Steele

[SEC-1 LTD] RSA SecurID Web Agent Heap Overflow Gary O'leary-Steele (May 06)

gilbert nzeka

tHorK FrameWork Beta v0.1::: another exploit framework gilbert nzeka (May 02)

Giuseppe `lan` Marocchio

Re: Windows image size crash Giuseppe `lan` Marocchio (May 13)

Greg KH

Re: Linux kernel ELF core dump privilege elevation Greg KH (May 11)
Re: Linux kernel ELF core dump privilege elevation Greg KH (May 11)

GulfTech Security Research

Multiple Vulnerabilities In SitePanel2 GulfTech Security Research (May 05)
Multiple Vulnerabilities In osTicket GulfTech Security Research (May 05)
Multiple Vulnerabilities In Invision Power Board GulfTech Security Research (May 06)
Yappa-NG Multiple Vulnerabilities GulfTech Security Research (May 12)
Woltlab Burning Board SQL Injection Vulnerability GulfTech Security Research (May 16)
Help Center Live Vulnerabilities GulfTech Security Research (May 18)
Format String Vulnerability In Peercast 0.1211 And Earlier GulfTech Security Research (May 30)

Gunter Ollmann

Re: Can't trust COMODO - An Update Gunter Ollmann (May 09)

Gunter Ollmann (NGS)

Can't trust COMODO Gunter Ollmann (NGS) (May 02)

H D Moore

Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks H D Moore (May 05)
Metasploit Framework v2.4 H D Moore (May 11)

hennoj

Multiple vulnearabilities in e107 cms hennoj (May 06)

Hohn, Joerg

RE: Microsoft Internet Explorer - Crash on adding sites to restri cted zone (05/28/2005) Hohn, Joerg (May 31)

Hyperdose Security

Local file detection bug found through Adobe SVG Viewer Hyperdose Security (May 05)

iDEFENSE Labs

iDEFENSE Security Advisory 05.03.05: Mac OS X Server NeST -target Buffer Overflow Vulnerability iDEFENSE Labs (May 05)
iDEFENSE Security Advisory 05.04.05: Apple Mac OS X vpnd Server_id Buffer Overflow Vulnerability iDEFENSE Labs (May 05)
iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability iDEFENSE Labs (May 24)
iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP LSUB DoS Vulnerability iDEFENSE Labs (May 24)
iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP LOGIN Remote Buffer Overflow Vulnerabilities iDEFENSE Labs (May 24)
iDEFENSE Security Advisory 05.24.05: Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability iDEFENSE Labs (May 24)
iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP SELECT Command DoS Vulnerability iDEFENSE Labs (May 24)
iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d Format String Vulnerability iDEFENSE Labs (May 25)
iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability iDEFENSE Labs (May 25)
iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability iDEFENSE Labs (May 25)
iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d FETCH Command Resource Consumption DoS Vulnerability iDEFENSE Labs (May 25)

Ingvar Gilbert

phpATM arbitrary PHP code inclusion Ingvar Gilbert (May 19)

jamesbug

Re: [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability jamesbug (May 26)

Jay D. Dyson

Re: Apache hacks (./atac, d0s.txt) Jay D. Dyson (May 02)

Jeremy Kelley

Re: Firefox Crash?? Jeremy Kelley (May 12)

Jerome ATHIAS

Re: Privilege escalation in BulletProof FTP Server v2.4.0.31 [PoC] Jerome ATHIAS (May 02)

John GALLET

Re: [SECURITY] [DSA 729-1] New PHP4 packages fix denial of service John GALLET (May 27)

john smith

firefox 1.0.3 spoof+auto dl john smith (May 07)

Joxean Koret

Re: Firefox Crash?? Joxean Koret (May 12)

Justin

Re: [security () suse de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3 Justin (May 31)

- k -

User32.dll Icon Size Crash - k - (May 27)
Re: Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005) - k - (May 31)

Kenshoto

Defcon Capture the Flag registration is open Kenshoto (May 02)

Kevin Finisterre

DMA[2005-0502a] - 'Apple OSX multiple Bluetooth vulnerabilities' Kevin Finisterre (May 05)

KF (lists)

DMA[2005-0501a] - 'ARPUS/Ce setuid buffer overflow and file overwrite' KF (lists) (May 02)
Re: Apache hacks (./atac, d0s.txt) KF (lists) (May 02)

Kold

Sql Injection in CJ Ultra Plus v1.0.3-1.0.4 Kold (May 06)

Konrad Malewski

Windows (XP, 2k3, Longhorn) is vulnerable to IpV6 Land attack. Konrad Malewski (May 18)

K sPecial

htdigest exploit code [bid 13537] K sPecial (May 12)

Lachlan. H

Directory Traversal Vuln - RaidenFTPD 2.4 < Build 2241 Lachlan. H (May 02)
Golden Ftp Server Pro - Directory Traversal Vuln Lachlan. H (May 05)

Lars Olsson

32-bit qmail fun (qmail-pop3d) (fwd) Lars Olsson (May 13)

Laurent Destailleur

Re: AWStats <= 6.4 Multiple vulnerabilities Laurent Destailleur (May 05)

list

NOVELL ZENWORKS MULTIPLE REMØTE STACK & HEAP OVERFLOWS list (May 18)
Computer Associates Vet Antivirus Library Remote Heap Overflow list (May 23)

Luigi Auriemma

Clients format string and server crash in Mtp-Target 1.2.2 Luigi Auriemma (May 02)
Gamespy cd-key validation system: Cd-key never in use Luigi Auriemma (May 06)
Crash in Zoidcom 1.0 beta 4 Luigi Auriemma (May 10)
Gamespy cd-key validation system: "Cd-key in use" DoS versus many games Luigi Auriemma (May 10)
Format string and crash in Warrior Kings 1.3 and Battles 1.23 Luigi Auriemma (May 23)
Endless loop in Halo 1.06 Luigi Auriemma (May 24)
Buffer-overflow and crash in Terminator 3: War of the Machines 1.16 Luigi Auriemma (May 26)
Buffer-overflow in C'Nedra 0.4.0 Luigi Auriemma (May 26)
Crash in Stronghold 2 1.2 Luigi Auriemma (May 30)

Luiz Henrique

Re: Apache hacks (./atac, d0s.txt) Luiz Henrique (May 02)

Luke Macken

[ GLSA 200505-01 ] Horde Framework: Multiple XSS vulnerabilities Luke Macken (May 02)
[ GLSA 200505-02 ] Oops!: Remote code execution Luke Macken (May 06)

Maciej Soltysiak

Re: TCP/IP implementations do not adequately validate ICMP error messages Maciej Soltysiak (May 11)

Macromedia Security Zone

New Macromedia Security Zone Bulletin Posted Macromedia Security Zone (May 10)

Maksymilian Arciemowicz

[SECURITYREASON.COM] PostNuke XSS 0.760{RC2,RC3} Maksymilian Arciemowicz (May 21)
[SECURITYREASON.COM] PostNuke XSS and Full path disclosure 0.760RC3=>x Maksymilian Arciemowicz (May 21)
[SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=>x Maksymilian Arciemowicz (May 21)
[SECURITYREASON.COM] PostNuke SQL Injection 0.750=>x Maksymilian Arciemowicz (May 21)

Mandriva Security Team

MDKSA-2005:082 - Updated OpenOffice.org packages fix heap overflow vulnerability Mandriva Security Team (May 06)
MDKSA-2005:081 - Updated XFree86/XOrg packages fix libXpm vulnerabilities Mandriva Security Team (May 06)
MDKSA-2005:083 - Updated ethereal packages fix multiple vulnerabilities Mandriva Security Team (May 11)
MDKSA-2005:087 - Updated tcpdump packages fix multiple vulnerabilities Mandriva Security Team (May 12)
MDKSA-2005:086 - Updated gaim packages fix multiple vulnerabilities Mandriva Security Team (May 12)
MDKSA-2005:085 - Updated kdelibs packages fix vulnerabilities Mandriva Security Team (May 12)
MDKSA-2005:084 - Updated gnutls packages fix vulnerabilities Mandriva Security Team (May 12)
MDKSA-2005:088 - Updated mozilla packages fix multiple vulnerabilities Mandriva Security Team (May 14)
MDKSA-2005:088-1 - Updated mozilla-firefox packages re-enable extensions Mandriva Security Team (May 17)
MDKSA-2005:089 - Updated cdrdao packages fix local root vulnerability Mandriva Security Team (May 19)
MDKSA-2005:090 - Updated nasm packages fix vulnerability Mandriva Security Team (May 19)
MDKSA-2005:091 - Updated bzip2 packages fix multiple vulnerabilities Mandriva Security Team (May 19)
MDKSA-2005:092 - Updated gzip packages fix several vulnerabilities Mandriva Security Team (May 19)
MDKSA-2005:095 - Updated gdb packages fix vulnerabilities Mandriva Security Team (May 30)

Marc Deslauriers

[FLSA-2005:155508] Updated cvs package fixes security issues Marc Deslauriers (May 13)
[FLSA-2005:154988] Updated openoffice.org packages fix security issues Marc Deslauriers (May 13)
[FLSA-2005:152763] Updated qt packages fixes security issues Marc Deslauriers (May 14)
[FLSA-2005:152768] Updated ruby package fixes security issues Marc Deslauriers (May 14)
[FLSA-2005:152804] Updated openmotif packages fix image vulnerability Marc Deslauriers (May 14)
[FLSA-2005:152856] Updated sudo packages fix security issue Marc Deslauriers (May 14)
[FLSA-2005:152912] Updated imap packages fix security issues Marc Deslauriers (May 14)
[FLSA-2005:152871] Updated nfs-utils package fixes security issue Marc Deslauriers (May 14)
[FLSA-2005:152883] Updated mozilla packages fix security issues Marc Deslauriers (May 18)
[FLSA-2005:152771] Updated pam packages fix security issue Marc Deslauriers (May 18)
[FLSA-2005:152815] Updated libtiff packages fix security issues Marc Deslauriers (May 19)

Marcus Meissner

Re: [security () suse de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3 Marcus Meissner (May 31)

Mariano Nuñez Di Croce

CYBSEC - PHPMailer Infinite Loop Denial of Service Mariano Nuñez Di Croce (May 30)

Markus Wörle

Mac OS 10.4: new-account-wizzard in Mail 2.0 sends clear-text passwords Markus Wörle (May 06)

Mark Woan

DotNetNuke (Multiple XSS) Mark Woan (May 16)

martin f krafft

davfs2 does not honour Unix permissions martin f krafft (May 25)

Martin Pitt

[USN-113-1] libnet-ssleay-perl vulnerability Martin Pitt (May 05)
[USN-116-1] gzip vulnerabilities Martin Pitt (May 05)
[USN-118-1] PostgreSQL vulnerabilities Martin Pitt (May 05)
[USN-114-1] kimgio vulnerability Martin Pitt (May 05)
[USN-117-1] cvs vulnerability Martin Pitt (May 05)
[USN-115-1] Kommander vulnerability Martin Pitt (May 05)
[USN-119-1] tcpdump vulnerabilities Martin Pitt (May 06)
[USN-122-1] Squid vulnerability Martin Pitt (May 06)
[USN-121-1] OpenOffice.org vulnerability Martin Pitt (May 06)
[USN-120-1] Apache 2 vulnerability Martin Pitt (May 06)
[USN-123-1] Xine library vulnerabilities Martin Pitt (May 06)
[USN-125-1] Gaim vulnerabilities Martin Pitt (May 12)
[USN-124-1] Mozilla and Firefox vulnerabilities Martin Pitt (May 12)
[USN-124-2] Fixed packages for USN-124-1 Martin Pitt (May 12)
[USN-126-1] GNU TLS library vulnerability Martin Pitt (May 14)
[USN-127-1] bzip2 vulnerabilities Martin Pitt (May 18)
[USN-128-1] nasm vulnerability Martin Pitt (May 18)
[USN-129-1] Squid vulnerability Martin Pitt (May 18)
[USN-130-1] TIFF library vulnerability Martin Pitt (May 19)
[USN-131-1] Linux kernel vulnerabilities Martin Pitt (May 24)
[USN-132-1] ImageMagick vulnerabilities Martin Pitt (May 24)
[USN-133-1] Apache utility vulnerability Martin Pitt (May 26)
[USN-134-1] Firefox vulnerabilities Martin Pitt (May 26)
[USN-114-2] Fixed packages for USN-114-1 Martin Pitt (May 27)
[USN-135-1] gdb vulnerabilities Martin Pitt (May 27)
[USN-136-1] binutils vulnerability Martin Pitt (May 27)
[USN-136-2] Fixed packages for USN-136-1 Martin Pitt (May 27)

Martin Schulze

[SECURITY] [DSA 720-1] New smartlist packages fix unauthorised un/subscription Martin Schulze (May 05)
[SECURITY] [DSA 721-1] New squid packages fix ACL bypass Martin Schulze (May 06)
[SECURITY] [DSA 723-1] New XFree86 packages fix arbitrary code execution Martin Schulze (May 09)
[SECURITY] [DSA 722-1] New smail packages fix arbitrary code execution Martin Schulze (May 09)
[SECURITY] [DSA 724-1] New phpsysinfo packages fix cross site scripting Martin Schulze (May 18)
[SECURITY] [DSA 725-1] New ppxp packages fix local root exploit Martin Schulze (May 19)
[SECURITY] [DSA 726-1] New oops packages fix format string vulnerability Martin Schulze (May 20)
[SECURITY] [DSA 727-1] New libconvert-uulib-perl packages fix arbitrary code execution Martin Schulze (May 20)
[SECURITY] [DSA 728-1] New qpopper packages fix arbitrary file overwriting Martin Schulze (May 25)
[SECURITY] [DSA 728-2] New qpopper packages fix arbitrary file overwriting Martin Schulze (May 26)
[SECURITY] [DSA 729-1] New PHP4 packages fix denial of service Martin Schulze (May 26)
[SECURITY] [DSA 730-1] New bzip2 packages fix file unauthorised permissions modification Martin Schulze (May 27)

Martin Tornwall

Acrowave AAP-3100AR authetication bypass Martin Tornwall (May 12)

Matthias Andree

leafnode security announcement leafnode-SA-2005-01 Matthias Andree (May 05)

Matthias Geerdsen

[ GLSA 200505-04 ] GnuTLS: Denial of Service vulnerability Matthias Geerdsen (May 09)

Matt Johnston

Insecure pty permissions in OS X < 10.4 Matt Johnston (May 02)

Max Kanat-Alexander

Security Advisory for Bugzilla 2.18, 2.19.2, and 2.16.8 Max Kanat-Alexander (May 12)

Megasky

WowBB view_user.php SQL Injection Vulnerability Megasky (May 10)
OpenBB SQL Injection & Cross-site Scripting Vulnerability Megasky (May 13)
PHPHeaven PHPMyChat Cross-site Scripting Vulnerablitiy Megasky (May 13)

Michael Cordover

Re: PHP Injection in PHP Poll Creator Michael Cordover (May 26)

Michal Szymanski

ITU 2005 Call For Papers Michal Szymanski (May 13)

Michal Zalewski

ASP.NET __VIEWSTATE crypto validation prone to replay attacks Michal Zalewski (May 03)
Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks Michal Zalewski (May 05)
Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks Michal Zalewski (May 06)

mohamed amhemed

Golden FTP Server Pro Remote Buffer Overflow Exploit mohamed amhemed (May 02)

Morinex Eneco

Directtopics Multiple Vulnerabilities (Security Advisory) Morinex Eneco (May 12)
Ultimate PHP Board (UPB) Security Advisory Morinex Eneco (May 13)
Skull-Splitter's Guestbook Multiple XXS/HTML injection Morinex Eneco (May 14)

Morning Wood

Re: MegaBook V2.0 - Cross Site Scripting Exploit Morning Wood (May 06)

M. Perri

worm "postcard" e-mail issue M. Perri (May 20)

Nathan House

Gossamer Threads Links SQL login XSS Vulnerability Nathan House (May 05)

newbug Tseng

cdrdao exploit for mandrake 10.2 ( Mandriva 2005) newbug Tseng (May 16)

NGSSoftware Insight Security Research

High Risk Vulnerability in L-Soft's LISTSERV Server NGSSoftware Insight Security Research (May 25)

Nick Bright

Re: Apache hacks (./atac, d0s.txt) Nick Bright (May 02)

Nick FitzGerald

Spam exploiting MS05-016 Nick FitzGerald (May 31)

nolimit bugtraq

Netvault Remote Heap Overflow (another one) nolimit bugtraq (May 13)

Oliver Goebel

CAIF 1.2 released Oliver Goebel (May 10)

Oliver J. Morais

Re: Windows image size crash Oliver J. Morais (May 13)

Oliver Karow

Blue Coat Reporter multiple remote vulnerabilities Oliver Karow (May 24)

orebla Orebla

Firefox Crash?? orebla Orebla (May 10)

organiser () syscan org

SyScAN'05 organiser () syscan org (May 31)

Ow Mun Heng

Re: [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3 Ow Mun Heng (May 31)

Paul

Firefox Remote Compromise Leaked Paul (May 09)
Re: firefox 1.0.3 spoof+auto dl Paul (May 09)
Firefox Remote Compromise Technical Details Paul (May 09)
Firefox 1.0.4 released. Several vulnerabilities fixed Paul (May 12)

Paul Laudanski

phpbb 2.0.15 released - patches high critical vuln Paul Laudanski (May 09)
Re: phpbb 2.0.15 released - patches high critical vuln Paul Laudanski (May 13)

Paul Starzetz

Linux kernel ELF core dump privilege elevation Paul Starzetz (May 11)
Re: Linux kernel ELF core dump privilege elevation Paul Starzetz (May 12)

Pedro Venda

Re: Linux kernel ELF core dump privilege elevation Pedro Venda (May 13)

Peter Keel

Re: TCP/IP implementations do not adequately validate ICMP error messages Peter Keel (May 11)

Petey Beege

Invision Power Board 1.* and 2.* Exploit (BID 13529) Petey Beege (May 26)

Pieter de Boer

Local root vuln in VPN daemon on MacOS X Pieter de Boer (May 05)

Piotr Bania

OllyDbg "INT3 AT" Format String Vulnerability Piotr Bania (May 13)
Alwil Software Avast Antivirus Device Driver Memory Overwrite Vulnerability Piotr Bania (May 26)
Compuware Softice (DbgMsg driver) Local Denial Of Service Piotr Bania (May 30)

please_reply_to_security

OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison. please_reply_to_security (May 12)
OpenServer 5.0.7 UnixWare 7.1.4 UnixWare 7.1.3 : Hyper-Threading information leakage please_reply_to_security (May 13)
OpenServer 5.0.6 OpenServer 5.0.7 : telnet client multiple issues please_reply_to_security (May 17)
UnixWare 7.1.4 : Updated mozilla fixes many security issues please_reply_to_security (May 18)
OpenServer 5.0.6 OpenServer 5.0.7 : nwprint privilege escalation please_reply_to_security (May 25)

plugger

exim 4.40 exploit plugger (May 25)

pokley

[Scan Associates Advisory] Neteyes Nexusway multiple vulnerability pokley (May 11)
Postnuke 0.750 - 0.760rc4 local file inclusion pokley (May 16)

preasoner

Re: PowerLink WAN Aggregator - Vunerability preasoner (May 26)

rash ilusion

PHP Injection in PHP Poll Creator rash ilusion (May 25)

Ricky Latt

JavaMail Information Disclosure (msgno) Ricky Latt (May 19)
Javamail Multiple Information Disclosure Vulnerabilities Ricky Latt (May 24)

Robert Zilbauer

Re: Apache hacks (./atac, d0s.txt) Robert Zilbauer (May 02)

Ron

Gaim 1.2.1 -- PoC Stack Overflow Ron (May 14)

Roy Hills

Nortel VPN Router Malformed Packet DoS Vulnerability Roy Hills (May 31)

RSnake

Windows image size crash RSnake (May 13)

Ryan S

Regions bank phishing scam Ryan S (May 02)

Sagiko

Re: Apache hacks (./atac, d0s.txt) Sagiko (May 02)

Scovetta, Michael V

RE: Security issue in Microsoft Outlook Scovetta, Michael V (May 20)

SecuBox fRoGGz

PwsPHP v1.2.2 Final - Multiples vulnerabilities SecuBox fRoGGz (May 09)
Willings WebCam - Password Disclosure Issue SecuBox fRoGGz (May 13)

security curmudgeon

Re: Multiple Sql injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules. security curmudgeon (May 26)
Re: Citrix security contact security curmudgeon (May 31)

Shaun Colley

Ethereal <= 0.10.10 SIP dissector stack overflow DoS exploit Shaun Colley (May 11)
picasm error handling stack overflow vulnerability Shaun Colley (May 20)

ShineShadow

Multiple vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 ShineShadow (May 05)

Skip Carter

Re: Apache hacks (./atac, d0s.txt) Skip Carter (May 02)

SoulBlack Group

Easy Message Board Directory Traversal and Remote Command SoulBlack Group (May 09)
Guesbook Pro XSS & HTML Injection SoulBlack Group (May 11)
Cookie Cart Default Installation Multiple Vulnerabilities SoulBlack Group (May 23)
PHP Stat Administrative User Authentication Bypass SoulBlack Group (May 27)
PowerDownload Remote File Inclusion SoulBlack Group (May 31)

sp3x

PostNuke Critical SQL Injection and XSS 0.750=>x sp3x (May 27)

Spy Hat

MegaBook V2.0 - Cross Site Scripting Exploit Spy Hat (May 05)
Re: MegaBook V2.0 - Cross Site Scripting Exploit Spy Hat (May 09)
Advanced Guestbook 2.3.1 Spy Hat (May 09)

SSC Advisory Notice

Secure Science Corporation Advisory CSA-056 SSC Advisory Notice (May 06)

Steve Kemp

Re: Apache hacks (./atac, d0s.txt) Steve Kemp (May 02)

Steven M. Christey

Re: Authentication bypass, sql injections and xss in ArticleLive 2005 Steven M. Christey (May 11)
Re: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05) Steven M. Christey (May 18)

Sune Kloppenborg Jeppesen

[ GLSA 200504-30 ] phpMyAdmin: Insecure SQL script installation Sune Kloppenborg Jeppesen (May 02)
[ GLSA 200505-03 ] Ethereal: Numerous vulnerabilities Sune Kloppenborg Jeppesen (May 06)
[ GLSA 200505-05 ] gzip: Multiple vulnerabilities Sune Kloppenborg Jeppesen (May 10)
[ GLSA 200505-06 ] TCPDump: Decoding routines Denial of Service vulnerability Sune Kloppenborg Jeppesen (May 10)
[ GLSA 200505-08 ] HT Editor: Multiple buffer overflows Sune Kloppenborg Jeppesen (May 10)
[ GLSA 200505-07 ] libTIFF: Buffer overflow Sune Kloppenborg Jeppesen (May 10)
[ GLSA 200505-09 ] Gaim: Denial of Service and buffer overflow vulnerabilties Sune Kloppenborg Jeppesen (May 12)
[ GLSA 200505-10 ] phpBB: Cross-Site Scripting Vulnerability Sune Kloppenborg Jeppesen (May 14)
[ GLSA 200505-11 ] Mozilla Suite, Mozilla Firefox: Remote compromise Sune Kloppenborg Jeppesen (May 16)
[ GLSA 200505-12 ] PostgreSQL: Multiple vulnerabilities Sune Kloppenborg Jeppesen (May 16)
[ GLSA 200505-13 ] FreeRADIUS: Buffer overflow and SQL injection vulnerability Sune Kloppenborg Jeppesen (May 17)
[ GLSA 200505-14 ] Cheetah: Untrusted module search path Sune Kloppenborg Jeppesen (May 19)
UPDATE: [ GLSA 200504-23 ] Kommander: Insecure remote script execution Sune Kloppenborg Jeppesen (May 20)
ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability Sune Kloppenborg Jeppesen (May 20)
[ GLSA 200505-15 ] gdb: Multiple vulnerabilities Sune Kloppenborg Jeppesen (May 20)
[ GLSA 200505-17 ] Qpopper: Multiple Vulnerabilities Sune Kloppenborg Jeppesen (May 24)
[ GLSA 200505-18 ] Net-SNMP: fixproc insecure temporary file creation Sune Kloppenborg Jeppesen (May 24)

Suramya Tomar

Security contact for Trillian Suramya Tomar (May 20)

suresec advisories

remote root security bug in ethereal 0.9.13 >= and <= 0.10.10 suresec advisories (May 10)

Team SHATTER

[AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability Team SHATTER (May 27)
[AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability Team SHATTER (May 27)

Thierry Carrez

[ GLSA 200505-16 ] ImageMagick, GraphicsMagick: Denial of Service vulnerability Thierry Carrez (May 24)
[ GLSA 200505-19 ] gxine: Format string vulnerability Thierry Carrez (May 26)
[ GLSA 200505-20 ] Mailutils: Multiple vulnerabilities in imap4d and mail Thierry Carrez (May 27)

Thomas Waldegger

[BuHa Security] Wordpress SQL-Injection Thomas Waldegger (May 20)

Thor Arne Johansen

Re: Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk Thor Arne Johansen (May 12)

Tim Farley

RE: ASP.NET __VIEWSTATE crypto validation prone to replay attacks Tim Farley (May 05)

Tim Tompkins

cross-domain cookie theft: who's to blame? Tim Tompkins (May 13)

Tirath Rai

Esqo advisory: GeoVision Digital Video Surveillance System - Multiple authentication issues Tirath Rai (May 10)

tjomi4

PHP Advanced Transfer Manager v1.21 tjomi4 (May 06)

Todd C. Miller

Re: [security () suse de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3 Todd C. Miller (May 31)

Torseq Tech .

Yahoo! Messenger URL Handler Remote DoS Vulnerability Torseq Tech . (May 13)
Yahoo! Chat Add Buddy Without Consent Privacy Issue Torseq Tech . (May 13)
Yahoo! Messenger may be storing all session data 'Unencoded' on the local machine Torseq Tech . (May 18)
Re: Yahoo! Messenger may be storing all session data 'Unencoded' on the local machine Torseq Tech . (May 18)

Trustix Security Advisor

TSLSA-2005-0021 - squid Trustix Security Advisor (May 10)
TSL-2005-0026 - multi Trustix Security Advisor (May 31)
TSL-2005-0025 - binutils Trustix Security Advisor (May 31)

Vade 79

Re: Mac OS X - Adobe Version Cue local root exploit [c version exploit] Vade 79 (May 18)

Williams, James K

CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability Williams, James K (May 24)
RE: CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability Williams, James K (May 27)

Will Schroeder

Re: ACROS Security: HTML Injection in BEA WebLogic Server Console (2) Will Schroeder (May 26)

xerces8

Viruses can evade Sophos Anti-Virus xerces8 (May 09)

Xnuxer Security

[XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3 Xnuxer Security (May 31)

yan feng

pst.advisory: gedit fun. opensource is god .lol windows yan feng (May 20)
pst.advisory 2005-21: gxine remote exploitable . opensource is god .lol windows yan feng (May 21)

ZATAZ.net

shtool insecure temporary file creation ZATAZ.net (May 25)

Zinho

[HSC Security Group] ASP Inline Corporate Calendar SQL injection Zinho (May 05)
[HSC Security Group] MaxWebPortal - Multiple SQL injection/XSS Zinho (May 11)

Zone Labs Product Security

Zone Labs ZoneAlarm Vet anti-virus engine OLE processing vulnerability Zone Labs Product Security (May 25)
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault