Home page logo
/

366 messages starting Sep 01 05 and ending Oct 01 05
Date index | Thread index | Author index

Thursday, 01 September

Re: Vulnerability in Symantec Anti Virus Corporate Edition v9.x] secure
[USN-173-4] PCRE vulnerabilities Martin Pitt
RE: Vulnerability in Symantec Anti Virus Corporate Edition v9.x James C Slora Jr
SimplePHPBlog Arbitrary File Deletion and Sample Exploit 'ken'@FTU
Adobe Version Cue exploits. v9
[ GLSA 200509-01 ] MPlayer: Heap overflow in ad_pcm.c Thierry Carrez
UMN gopher[v3.0.9+] multiple(2) client buffer overflows. v9
RE: Ariba password exposure vulnerability Craig Kennedy
[SecuriWeb.2005.1] - Barracuda SPAM firewall advisory Francois Harvey
Re: secure client-side platform liudieyu
File aribitary read access in frox un4m31
Re: Vulnerability in Symantec Anti Virus Corporate Edition v9.x Colin
[SECURITY] [DSA 793-1] New sqwebmail packages fix cross-site scripting Martin Schulze
silc server and toolkit insecure temporary file creation Eric Romang / ZATAZ.com
re: Ariba Spend Management System gerald626
[SECURITY] [DSA 779-2] New Mozilla Firefox packages fix several vulnerabilities Martin Schulze
[security bulletin] SSRT051005 rev.1 - HP ProLiant DL585 Servers Unauthorized Remote Access Boren, Rich (HP SSRT)
SUSE Security Announcement: kernel multiple security problems (SUSE-SA:2005:050) Marcus Meissner
iDEFENSE Security Advisory 09.01.05: 3Com Network Supervisor Directory Traversal Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 09.01.05: Novell NetMail IMAPD Command Continuation Request Heap Overflow iDEFENSE Labs
Re: secure client-side platform Keith Oxenrider
RE: Re: secure client-side platform Mark Senior
[SECURITY] [DSA 794-1] New polygen packages fix denial of service Martin Schulze
Re: secure client-side platform devnull
CYBSEC - Multiple Vendor Web Vulnerability Scanner Arbitrary Script Injection Vulnerability Mariano Nuñez Di Croce

Friday, 02 September

[SECURITY] [DSA 800-1] New pcre3 packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 798-1] New phproupware packages fix several vulnerabilities Martin Schulze
[SECURITY] [DSA 799-1] New webcalendar packages fix remote code execution Michael Stone
Re: Vulnerability in Symantec Anti Virus Corporate Edition v9.x] Steven M. Christey
CodePimps e-zine #0x07 was released codepimps

Saturday, 03 September

FileZilla weakly-encrypted password vulnerability: advisory + PoC [#*at*#]

Tuesday, 06 September

MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution / cross site scripting / path disclosure retrogod
[NOBYTES.COM: #11] MidiCart ASP Shopping Cart, Evaluation Version 7 & Standard & Pro - Multiple Vulnerabilities John Cobb
I have discovered small xss error in open webmail 2.41 s3cure
IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV inge . henriksen
[KDE Security Advisory] kcheckpass local root vulnerability Dirk Mueller
Microsoft Windows keybd_event validation vulnerability Frederic Charpentier
[OpenPKG-SA-2005.020] OpenPKG Security Advisory (proftpd) OpenPKG
[ GLSA 200509-02 ] Gnumeric: Heap overflow in the included PCRE library Thierry Carrez
[OpenPKG-SA-2005.017] OpenPKG Security Advisory (modssl) OpenPKG
[ GLSA 200509-04 ] phpLDAPadmin: Authentication bypass Thierry Carrez
SUSE Security Announcement: php4, php5 remote code execution (SUSE-SA:2005:051) Marcus Meissner
Re: [Full-disclosure] Microsoft Windows keybd_event validation vulnerability Jerome Athias
[USN-145-2] wget bug fix Martin Pitt
[ GLSA 200509-03 ] OpenTTD: Format string vulnerabilities Stefan Cornelius
Re: CMS Made Simple <= 0.10 - PHP injection garaged
Multiple vulnerabilities in FreeBSD 'urban' Shaun Colley
[ GLSA 200509-05 ] Net-SNMP: Insecure RPATH Thierry Carrez
Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC Nick Boyce
Land Down Under 'events.php' Cross Site Scripting Vulnerability conor . e . buckley
PHP-Nuke bhfh
UNB 1.5.3 cross site scripting retrogod
Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC Nicholas Knight

Wednesday, 07 September

Re: FileZilla weakly-encrypted password vulnerability Luigi Auriemma
[NewAngels Advisory] aMember Pro 2.3.X - Remote File Include Vulnerability 4Degrees
Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC medhead
[SECURITY] [DSA 801-1] New ntp packages fix group id confusion Martin Schulze
phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting retrogod
Revised paper on "ICMP attacks against TCP" Fernando Gont
[OpenPKG-SA-2005.019] OpenPKG Security Advisory (openssh) OpenPKG
[OpenPKG-SA-2005.018] OpenPKG Security Advisory (pcre) OpenPKG
USB Lock Auto-Protect v1.5 - Local Password Encryption Weakness unsecure
[security bulletin] SSRT051023 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access security-alert
Update: Realchat user impersonation - BSA 200506110001 Andreas Beck
[SECURITY] [DSA 795-2] Updated i386 proftpd packages fix format string vulnerability Michael Stone
Secunia Research: SqWebMail Conditional Comments Script Insertion Vulnerability Secunia Research
(Annex A) ADSL Road Runner Exploit Description & Theory gp32boy
Vulnerability in myBloggie 2.1.3-beta and prior os2a . bto
[ GLSA 200509-06 ] Squid: Denial of Service vulnerabilities Sune Kloppenborg Jeppesen
FreeBSD Security Advisory FreeBSD-SA-05:20.cvsbug FreeBSD Security Advisories
Vulnerability In SecureOL VE2 v1.05.1008 maxim
Re: Microsoft Windows keybd_event validation vulnerability Ansgar -59cobalt- Wiechers
SQL Injection[2] In MyBB PR2 stranger-killer
Re: [NOBYTES.COM: #11] MidiCart ASP Shopping Cart, Evaluation Version 7 & Standard & Pro - Multiple Vulnerabilities [at]
[SECURITY] [DSA 802-1] New cvs packages fix insecure temporary files Martin Schulze
MDKSA-2005:160 - Updated kdebase packages fix potential local root vulnerability Mandriva Security Team
MDKSA-2005:159 - Updated kdeedu packages fix tempfile vulnerability Mandriva Security Team
PBLang 4.65 (possibly prior versions) remote code execution retrogod
WebArchiveX - Unsafe Methods Vulnerability Brett Moore
MDKSA-2005:158 - Updated mplayer packages fix vulnerabilities Mandriva Security Team
MDKSA-2005:157 - Updated smb4k packages fix vulnerabilities Mandriva Security Team
[NewAngels Advisory #5] Stylemotion WEB//NEWS 1.4 Vulnerabilities r . verton
MDKSA-2005:156 - Updated ntp packages fix small security-related issue. Mandriva Security Team
Rule bypassing in CheckPoint NGX R60 fitz
[ Suresec Advisories ] - Kcheckpass file creation vulnerability Suresec Advisories
RE: FileZilla weakly-encrypted password vulnerability: advisory + PoC MacIntyre, Lawrence Paul
Re: Microsoft Windows keybd_event validation vulnerability galacticjello
USN-160-2: Apache vulnerability Martin Pitt
[USN-177-1] Apache 2 vulnerabilities Martin Pitt
[USN-176-1] kcheckpass vulnerability Martin Pitt
Cisco Security Advisory: Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow Cisco Systems Product Security Incident Response Team
RE: FileZilla weakly-encrypted password vulnerability: advisory + PoC Mark Senior
anti Windows XP SP2 firewall trick crusoe

Thursday, 08 September

[SECURITY] [DSA 803-1] New Apache packages fix HTTP request smuggling Martin Schulze
[SECURITY] [DSA 804-1] New kdelibs packages fix backup file information leak Martin Schulze
Secunia Research: ALZip ACE Archive Handling Buffer Overflow Secunia Research
Secunia Research: NOD32 Anti-Virus ARJ Archive Handling Buffer Overflow Secunia Research
[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities Martin Schulze
MDKSA-2005:161 - Updated apache2 packages to address multiple vulnerabilities Mandriva Security Team

Friday, 09 September

[SECURITY] [DSA 806-1] New cvs packages fix insecure temporary files Martin Schulze
TSLSA-2005-0047 - multi Trustix Security Advisor
iDEFENSE Security Advisory 09.09.05: GNU Mailutils 0.6 imap4d 'search' Format String Vulnerability iDEFENSE Labs
KillProcess 2.20 and priors "FileDescription" Local Buffer Overflow Issue fRoGGz
Cj Desing Three Aplications One Bug psymera
KillProcess 2.20 and priors "FileDescription" Local Buffer Overflow Issue fRoGGz
Zebedee DoS Vulnerability Shiraishi.M
class-1 Forum Software v 0.24.4 Remote code execution retrogod
[USN-178-1] Linux kernel vulnerabilities Martin Pitt
(TOOL) TAPiON (Polymorphic Decryptor Generator) Engine Piotr Bania
[USN-179-1] openssl weak default configuration Martin Pitt
FreeBSD Security Advisory FreeBSD-SA-05:20.cvsbug [REVISED] FreeBSD Security Advisories

Monday, 12 September

[SECURITY] [DSA 807-1] New mod_ssl packages fix acl restriction bypass Martin Schulze
Re[2]: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine Alejandro Barrera
Sawmill XSS vuln Mark Terry
Security Flaw in pam_per_user Module Mark D. Roth
SUSE Security Announcement: apache2 (SUSE-SA:2005:051) Thomas Biege
PHP Nuke <= 7.8 Multiple SQL Injections r . verton
[SECURITY] [DSA 808-1] New tdiary packages fix Cross Site Request Forgery Martin Schulze
Re: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine Piotr Bania
Re: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine Alejandro Barrera
[OpenPKG-SA-2005.021] OpenPKG Security Advisory (squid) OpenPKG
util-linux: unintentional grant of privileges by umount David Watson
[ GLSA 200509-08 ] Python: Heap overflow in the included PCRE library Thierry Carrez
[ GLSA 200509-07 ] X.Org: Heap overflow in pixmap allocation Thierry Carrez
[USN-83-2] LessTif 1 vulnerabilities Martin Pitt
[USN-181-1] Mozilla products vulnerability Martin Pitt

Tuesday, 13 September

[SECURITY] [DSA 810-1] New Mozilla packages fix several vulnerabilities Martin Schulze
AzDGDatingLite V 2.1.3 remote code execution retrogod
Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability h4cky0u
[SECURITY] [DSA 809-1] New squid packages fix several vulnerabilities Martin Schulze
MDKSA-2005:162 - Updated squid packages fix vulnerabilities Mandriva Security Team
MDKSA-2005:163 - Updated MySQL packages fix vulnerability Mandriva Security Team
Re: anti Windows XP SP2 firewall trick Ansgar -59cobalt- Wiechers
Serious Security issue with broken - Microsoft's .Net XML Serialization API Rohit
Re: Serious Security issue with broken - Microsoft's .Net XML Serialization API Rohit
iDEFENSE Security Advisory 09.13.05: Linksys WRT54G Router Remote Administration Fixed Encryption Key Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 09.13.05: Linksys WRT54G 'restore.cgi' Configuration Modification Design Error Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 09.13.05: Linksys WRT54G Management Interface DoS Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 09.13.05: Linksys WRT54G 'upgrade.cgi' Firmware Upload Design Error Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 09.13.05: Linksys WRT54G Router Remote Administration apply.cgi Buffer Overflow Vulnerability iDEFENSE Labs
Re: [Snort-users] Snort DoS Fallacies Martin Roesch

Wednesday, 14 September

Mozilla / Mozilla Firefox authentication weakness 3APA3A
Secunia Research: AVIRA Antivirus ACE Archive Handling Buffer Overflow Secunia Research
ATutor 1.5.1 SQL Injection / Admin credentials disclosure / remote code execution retrogod

Thursday, 15 September

[SECURITY] [DSA 814-1] New lm-sensors packages fix insecure temporary file Martin Schulze
Secunia Research: Ahnlab V3 Antivirus Multiple Vulnerabilities Secunia Research
Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution retrogod
[SECURITY] [DSA 813-1] New centericq packages fix several vulnerabilities Martin Schulze
[SECURITY] [DSA 812-1] New turqstat packages fix buffer overflow Martin Schulze
Airscanner Mobile Security Advisory #05081203: vxTftpSrv 1.7.0 Remote Code Execution Buffer Overflow Vulnerability contact
Airscanner Mobile Security Advisory #05081101: vxWeb v.1.1.4 Denial of Service Vulnerability contact
DriverStudio Remote Control Authentication Bypass Vulnerability cocoruder
Airscanner Mobile Security Advisory #05081102: vxFtpSrv 0.9.7 Remote Code Execution Buffer Overflow Vulnerability contact
TWiki Remote Command Execution Vulnerability Sap .
SQL injection & XSS in phpoutsourcing Noah's classifieds alireza hassani
Avocent CCM: Port Access Control Bypass Vulnerability spam
Character Manipulation in Online Systems. hackology
gtkdiskfree insecure temporary file creation ZATAZ Audits
Is netcraft publishing URL of your intranet sites? Saqib Ali
Remote File Inclusion in MyGuestbook rod hedor
Re: [Full-disclosure] Mozilla / Mozilla Firefox authentication weakness Juha-Matti Laurio
404 error XSS Josh Zlatin-Amishav
CastleCops ramps up fight against CoolWebSearch/HomeSearch Paul Laudanski
Online Dating Software by AEwebworks - aeDating Script <= 4.0 Version Vulnerability alexsrb
Oracle Reports: Generic SQL Injection Vulnerability via Lexical References ak
Re: AWstats Path Disclosure Vulnerability Fournaux
Re: PHP Nuke <= 7.8 Multiple SQL Injections evaders99
Re: [Full-disclosure] Mozilla / Mozilla Firefox authentication weakness Daniel Veditz
RE: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies Steven Sturges
Anti Arp Poisoning Daemon (OpenAAPD) PS: Link corrected Andrea Di Pasquale
RE: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies Ferguson, Justin (IARC)
Re: Re: Serious Security issue with broken - Microsoft's .Net XML Serialization API darkangel . stt
RE: [Full-disclosure] FireFox Host: Buffer Overflow is not justexploitable on FireFox Peter Kruse
[SECURITY] [DSA 811-1] New common-lisp-controller packages fix arbitrary code injection Martin Schulze
MDKSA-2005:164 - Updated XFree86/x.org packages fix vulnerability Mandriva Security Team
Re: PHP Nuke <= 7.8 Multiple SQL Injections Paul Laudanski

Friday, 16 September

XSS Vulnerability in MIVA Merchant 5 - Includes Fix admin
Airscanner Mobile Security Advisory #05082201: File Transfer Anywhere v3.01 Local Server Password Disclosure contact
Re: AWstats Path Disclosure Vulnerability cwh01
PTL Advisory 050825 - HP LaserJet Network Username and Information Enumeration Pinion Lab
Re: AWstats Path Disclosure Vulnerability Martin Pitt
[FLSA-2005:160202] Updated mozilla packages fix security issues Marc Deslauriers
[FLSA-2005:162680] Updated Zlib packagea fix security issues Marc Deslauriers
[FLSA-2005:163047] Updated squirrelmail package fixes security issues Marc Deslauriers
[FLSA-2005:163274] Updated CUPS packages fix security issue Marc Deslauriers
FF IDN buffer overflow workaround works in Netscape too Juha-Matti Laurio
worring about YaST in SuSE 9.3 and maybe lower innate
Re: CastleCops ramps up fight against CoolWebSearch/HomeSearch Paul Laudanski
arc insecure temporary file creation ZATAZ Audits
Re: CastleCops ramps up fight against CoolWebSearch/HomeSearch Times Enemy
SUSE Security Announcement: squid (SUSE-SA:2005:053) Thomas Biege
ncompress insecure temporary file creation ZATAZ Audits
SUSE Security Announcement: evolution (SUSE-SA:2005:054) Ludwig Nussel
PHP SESSION MODIFICATION unknow
gwcc insecure temporary file creation ZATAZ Audits
[SECURITY] [DSA 815-1] New kdebase packages fix local root vulnerability Martin Schulze
(TOOL) TAPiON ver 0.1c Piotr Bania
[FLSA-2005:152919] Updated grip package fixes security issue Marc Deslauriers
TSLSA-2005-0049 - multi Trustix Security Advisor
Re: PHP SESSION MODIFICATION David N Murray
Re: PHP Nuke <= 7.8 Multiple SQL Injections Matthias Jim Knopf
Re: PHP Nuke <= 7.8 Multiple SQL Injections Paul Laudanski
RE: [Full-disclosure] FireFox Host: Buffer Overflow is not justexploitable on FireFox Juha-Matti Laurio
Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox Juha-Matti Laurio
Greyhats Security back online pvnick
CDMA1X Security pen-test
Re: worring about YaST in SuSE 9.3 and maybe lower Marcus Meissner
Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox milw0rm Inc.
Re: PHP Nuke <= 7.8 Multiple SQL Injections Paul Laudanski

Monday, 19 September

Cisco IOS hacked? ciscoioshehehe
[ GLSA 200509-10 ] Mailutils: Format string vulnerability in imap4d Thierry Carrez
CuteNews 1.4.0 remote code execution retrogod
CuteNews 1.4.0 remote code execution retrogod
[ GLSA 200509-11 ] Mozilla Suite, Mozilla Firefox: Buffer overflow Thierry Carrez
Antigen 8.0 for Exchange/SMTP Rule Vulnerability Alan Monaghan
ERRATA: [ GLSA 200507-20 ] Shorewall: Security policy bypass Thierry Carrez
router worms and International Infrastructure [was: Re: IOS exploit] Gadi Evron
[ GLSA 200509-12 ] Apache, mod_ssl: Multiple vulnerabilities Thierry Carrez
[Full-disclosure] killbits? should have named them kibbles and bits Ill will
Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability h4cky0u
Web Application Security Analyzer for PHP-Nuke/phpBB CMS Paul Laudanski
Re: Airscanner Mobile Security Advisory #05082201: File Transfer Anywhere v3.01 Local Server Password Disclosure 3APA3A
Dumb Question Sean Warnock
[BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.8/9 bugtraq
Possible memory corruption problems in Apple Safari Jonathan Rockway
Re: PHP Nuke <= 7.8 Multiple SQL Injections Daniel Bonekeeper
Re: PHP Nuke <= 7.8 Multiple SQL Injections Paul Laudanski
Re: PHP Nuke <= 7.8 Multiple SQL Injections hans
[ GLSA 200509-09 ] Py2Play: Remote execution of arbitrary Python code Thierry Carrez
[USN-184-1] umount vulnerability Martin Pitt
@System Security Conference Giorgio Zoppi
Whitepaper - Writing small shellcode Dafydd Stuttard
[ GLSA 200509-13 ] Clam AntiVirus: Multiple vulnerabilities Thierry Carrez
Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability h4cky0u
Re: [Full-disclosure] Cisco IOS hacked? Andrei Mikhailovsky

Tuesday, 20 September

[security bulletin] SSRT5999 rev.0 HP OpenVMS Secure Web Browser Mozilla Application Node Spoofing security-alert
[security bulletin] SSRT5971 rev.0 - HP Tru64 Unix FTP Daemon (ftpd) Remote Denial of Service (DoS) security-alert
Debian Security Host Bandwidth Saturation Martin Schulze
MDKSA-2005:165 - Updated cups packages fix vulnerability Mandriva Security Team
bacula insecure temporary file creation Eric Romang / ZATAZ.com
phpBB 2.0.17 remote avatar size bug SmOk3
Secunia Research: Opera Mail Client Attachment Spoofing and Script Insertion Secunia Research
Hesk Session ID Validation Vulnerability os2a . bto
MDKSA-2005:138-1 - Updated cups packages fix vulnerability Mandriva Security Team
[USN-185-1] CUPS vulnerability Martin Pitt
mercury imap4 remote BOF exploit ( IHSTeam ) c0d3r
[ GLSA 200509-14 ] Zebedee: Denial of Service vulnerability Thierry Carrez
[ GLSA 200509-15 ] util-linux: umount command validation error Thierry Carrez
RE: phpBB 2.0.17 remote avatar size bug Sean Sullivan

Wednesday, 21 September

Paper - How It's Difficult to Ruin a Good Name: An Analysis of Reputational Risk Kenneth F. Belva
Re: Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability please_use_support_form
Re: phpBB 2.0.17 remote avatar size bug Peter Kieser
MDKSA-2005:168 - Updated masqmail packages fix vulnerabilities Mandriva Security Team
PocketPC exploitation Jose Morales
MDKSA-2005:166 - Updated clamv packages fix vulnerabilities Mandriva Security Team
MDKSA-2005:167 - Updated util-linux packages fix umount vulnerability Mandriva Security Team
Upcoming Black Hat events announcement Jeff Moss
[BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.7 bugtraq
[SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability snsadv
UnixWare 7.1.4 : LibTIFF < 3.72 malformed data code exec please_reply_to_security
Re: Paper - How It's Difficult to Ruin a Good Name: An Analysis of Reputational Risk hodejo1
[security bulletin] SSRT5988 rev.1 - HP Tru64 Unix libXpm Remote Denial of Service (DoS) or Execute Privileged Code security-alert

Thursday, 22 September

FireFox exploit updated Berend-Jan Wever
Protty v.01A (beta) - shellcode execution protection library for Windows NT based systems Piotr Bania
OpenServer 6.0.0 : TCP Remote ICMP Denial Of Service Vulnerabilities please_reply_to_security
[SECURITY] [DSA 818-1] New kdeedu packages fix insecure temporary files Martin Schulze
RE: router worms and International Infrastructure [was: Re: IOS exploit] martin
Platinum Secure smartcard security bypass acidemon
HTTP Request Smuggling - ERRATA (the IIS 48K buffer phenomenon) Amit Klein (AKsecurity)
[SECURITY] [DSA 817-1] New python2.2 packages fix arbitrary code execution Martin Schulze
My Little Forum 1.5 / 1.6beta SQL Injection retrogod
Hack Dot AE v2 SpyHat
[security bulletin] SSRT5998 Rev.2 HP System Management Homepage (v2.0.x) Denial of Service (DoS) and XSS security-alert
[scip_Advisory 1746] Microsoft Internet Explorer 6.0 embedded content cross site scripting Marc Ruef
Re: [Full-disclosure] [scip_Advisory 1746] Microsoft Internet Explorer 6.0 embedded content cross site scripting Brion Vibber

Friday, 23 September

Secunia Research: PowerArchiver ACE/ARJ Archive Handling Buffer Overflow Secunia Research
Sql injection in jPortal version 2.3.1 (module download) krasza
TSLSA-2005-0051 - clamav Trustix Security Advisor
[SECURITY] [DSA 819-1] New python2.1 packages fix arbitrary code execution Martin Schulze
Secunia Research: 7-Zip ARJ Archive Handling Buffer Overflow Secunia Research
Re: Remote File Inclusion in MyGuestbook security curmudgeon
PhpMyFAQ 1.5.1 multiple vulnerabilities retrogod
Rita Scams Call to Arms - Update Gadi Evron

Saturday, 24 September

AlstraSoft E-Friends Remote Command Exucetion khc
MailGust 1.9 SQL Injection retrogod
My Little Forum 1.5 / 1.6beta SQL Injection retrogod
"Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein Amit Klein (AKsecurity)
Hijacking Bluetooth Headsets for Fun and Profit? KF (lists)
[ GLSA 200509-17 ] Webmin, Usermin: Remote code execution through PAM authentication Thierry Carrez
[SECURITY] [DSA 820-1] New courier packages fix cross-site scripting Martin Schulze
[SECURITY] [DSA 817-1] New python2.2 packages fix arbitrary code execution joey
[USN-186-1] Mozilla and Firefox vulnerabilities Martin Pitt
[ GLSA 200509-16 ] Mantis: XSS and SQL injection vulnerabilities Thierry Carrez

Monday, 26 September

Server crash and motd deletion in MultiTheftAuto 0.5 patch 1 Luigi Auriemma
FL Studio 5 (.flp file processing) Heap Overflow varunuppal
SUSE Security Announcement: XFree86-server,xorg-x11-server (SUSE-SA:2005:056) Thomas Biege
[ GLSA 200509-18 ] Qt: Buffer overflow in the included zlib library Sune Kloppenborg Jeppesen
[USN-186-2] Ubuntu 4.10 packages for USN-186-1 Firefox security update Martin Pitt
[USN-187-1] Linux kernel vulnerabilities Martin Pitt

Tuesday, 27 September

Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein anonymous
[ISR] - Novell GroupWise Client Integer Overflow Francisco Amato
MDKSA-2005:170 - Updated mozilla packages fix multiple vulnerabilities Mandriva Security Team
Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein Yutaka OIWA
Announce: RSBAC v1.2.5 released Amon Ott
lucidCMS 1.0.11 is susceptible to a cross site scripting attack x1ngbox
ElseNot project layne
SEO borad: SQL injection ghc
Nokia 7610, 3210 denial of service in OBEX. A. Ramos
FreeBSD GNU Mailutils 0.6 imap4d exploit angelo
CMS Made Simple 0.10 is susceptible to a cross site scripting attack. X1ngBox
RealPlayer && HelixPlayer Remote Format String Exploit c0ntexb
PacSec 05 Dragos Ruiu
MDKSA-2005:169 - Updated mozilla-firefox packages fix multiple vulnerabilities Mandriva Security Team
Re: [ISR] - Novell GroupWise Client Integer Overflow Crist J. Clark
[ GLSA 200509-19 ] PHP: Vulnerabilities in included PCRE and XML-RPC libraries Thierry Carrez
Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities Joxean Guay del Paraguay

Wednesday, 28 September

Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein Amit Klein (AKsecurity)
Is the Bottom Line Impacted by Security Breaches? Kenneth F. Belva
[SECURITY] [DSA 821-1] New python2.3 packages fix arbitrary code execution Martin Schulze
Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC Debasis Mohanty
PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure retrogod
OpenServer 5.0.7 OpenServer 6.0.0 : UnZip File Permissions Change Vulnerability please_reply_to_security
Re: PocketPC exploitation Jose Morales

Thursday, 29 September

[SECURITY] [DSA 824-1] New ClamAV packages fix denial of service Martin Schulze
[SECURITY] [DSA 797-2] Updated zsync i386 packages fix build error Michael Stone
Serendipity: Account Hijacking / CSRF Vulnerability enji
Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC warl0ck
SquirrelMail Address Add Plugin XSS Moritz Naumann
Re: PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure Petko Petkov
[SECURITY] [DSA 823-1] New util-linux packages fix privilege escalation Martin Schulze
[SECURITY] [DSA 825-1] New loop-aes-utils packages fix privilege escalation Martin Schulze
AV == parasites? (was: PocketPC exploitation) Michael Shigorin
[SECURITY] [DSA 822-1] New gtkdiskfree packages fix insecure temporary file Martin Schulze
[USN-188-1] AbiWord vulnerability Martin Pitt
[USN-189-1] cpio vulnerabilities Martin Pitt
[USN-190-1] SNMP vulnerability Martin Pitt
[USN-191-1] unzip vulnerability Martin Pitt
Lucid CMS 1.0.11 SQL Injection / Login Bypass / remote code execution retrogod

Friday, 30 September

Zone Labs response to "Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC" Zone Labs Security Team
[SECURITY] [DSA 832-1] New gopher packages fix several buffer overflows Martin Schulze
Re: PocketPC exploitation Denis Jedig
apachetop insecure temporary file creation ZATAZ Audits
[SECURITY] [DSA 830-1] New ntlmaps packages fix information leak Martin Schulze
Re: Serendipity: Account Hijacking / CSRF Vulnerability kreon
Multiple vulnerabilities in Merak Mail Server 8.2.4r with Icewarp Web Mail 5.5.1 ss_contacts
[ GLSA 200509-21 ] Hylafax: Insecure temporary file creation in xferfaxstats script Thierry Carrez
Re: PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure security curmudgeon
Re: PocketPC exploitation Joel Maslak
[SECURITY] [DSA 826-1] New helix-player packages fix multiple vulnerabilities Michael Stone
RE: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein Sergey V. Gordeychik
Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC Paul Laudanski
Citrix Metaframe Presentation Server bypassing policies gustavog
TSLSA-2005-0053 - unzip Trustix Security Advisor
[SECURITY] [DSA 831-1] New mysql-dfsg packages fix arbitrary code execution Martin Schulze
[USN-192-1] Squid vulnerability Martin Pitt
Announce: Bluetooth mailing list - Bluetraq Adam Laurie
Buffer-overflow and directory traversal bugs in Virtools Web Player 3.0.0.100 Luigi Auriemma
iDEFENSE Security Advisory 09.30.05: RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability iDEFENSE Labs
Re: IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV inge . henriksen
BID #14752 update Josh Zlatin-Amishav
UPDATE: [ GLSA 200509-11 ] Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities Thierry Carrez
[SECURITY] [DSA 809-2] New squid packages fix denial of service Martin Schulze
[SECURITY] [DSA 829-1] New mysql packages fix arbitrary code execution Martin Schulze

Saturday, 01 October

[ GLSA 200509-20 ] AbiWord: RTF import stack-based buffer overflow Thierry Carrez
[SECURITY] [DSA 827-1] New backupninja packages fix insecure temporary file Michael Stone
[SECURITY] [DSA 828-1] New squid packages fix denial of service Martin Schulze
Previous period Next period
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]