Bugtraq: by date

516 messages starting Mar 31 05 and ending Apr 29 05


Thursday, 31 March

(PAPER) "Vision of danger: The Firefox Greasemonkey" Piotr Bania
[HV-HIGH] Microsoft Jet DB engine vulnerabilities vuln
Reverse shell using netcat on AS/400 Shalom Carmel
Security holes in the iTunes Music Store Charles M. Hannum

Friday, 01 April

[SECURITY] [DSA 703-1] New krb5 packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 702-1] New ImageMagick packages fix several vulnerabilities Martin Schulze
iDEFENSE Security Advisory 03.31.05: PHP getimagesize() Multiple Denial of Service Vulnerabilities iDEFENSE Labs
PayPal "security" measures Jeremy Rasmussen
[Hat-Squad Advisory] Bakbone NetVault Heap overflow Vulnerabilities Hat-Squad Security Team
Re: cPanel/WHM demo account problems Darren
Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Thor (Hammer of God)
Buffer Overflow within the RUMBA product Bahaa Naamneh
[USN-103-1] Linux kernel vulnerabilities Martin Pitt
DMA[2005-0401a] - 'IVT BlueSoleil Directory Transversal' KF (Lists)
(Paper) Programming: The Heart of Web Security Sumy
Solaris 10 Containers / Zones Security Flaw jim allan
multiple remote denial of service vulnerabilities in Gaim Jean-Yves Lefort
Information leak in the Linux kernel ext2 implementation Arkoon Security Team
[ GLSA 200504-01 ] telnet-bsd: Multiple buffer overflows Thierry Carrez

Saturday, 02 April

Re: bzip2 TOCTOU file-permissions vulnerability Steve Grubb
In-game players kicking in the Quake 3 engine Luigi Auriemma
In-game server buffer-overflow in Jedi Academy 1.011 Luigi Auriemma
In-game server crash in Call of Duty 1.5b and United Offensive 1.51b Luigi Auriemma
RE: Microsoft Windows Server 2003 "Shell Folders" Directory Traversal Vulnerability Eiji James Yoshida
Re: Solaris 10 Containers / Zones Security Flaw Robert Escue
MDKSA-2005:066 - Updated grip packages fix vulnerability Mandrakelinux Security Team
MDKSA-2005:065 - Updated ImageMagick packages fix multiple vulnerabilities Mandrakelinux Security Team
Re: Solaris 10 Containers / Zones Security Flaw Jonathan Katz
AlstraSoft EPay Pro v2.0 has file include and multiple xss vulnerabilities dcrab
Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Denis Jedig
How to write remote exploits ( V. 1.1) Sumy
Yet Another Forum.net XSS vulnerabilities maty siman
Re: bzip2 TOCTOU file-permissions vulnerability Jason V. Miller
[ GLSA 200504-02 ] Sylpheed, Sylpheed-claws: Buffer overflow on message display Thierry Carrez

Monday, 04 April

SUSE Security Announcement: kernel local privilege escalation (SUSE-SA:2005:021) Marcus Meissner
Local buffer overflow on Aeon<=0.2a patr0n
Microsoft Windows Internet Name Service (WINS) Remote Heap Overflow Exploit class101 () HAT-SQUAD com
possible privilege escalation on Sco OpenServer 5.0.7 pasquale minervini
AW: PayPal "security" measures Michael Rueve
[SECURITY] [DSA 705-1] New wu-ftpd packages fix denial of service Martin Schulze
Re: Solaris 10 Containers / Zones Security Flaw jim allan
Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Thor (Hammer of God)
Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Steve Shockley
[SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12 Maksymilian Arciemowicz
Full path disclosure and XSS in PHPNuke SecurityReason
SonicWALL SOHO/10 - XSS vulnerability Oliver Karow
[SECURITY] [DSA 704-1] New remstats packages fix several vulnerabilities Martin Schulze
ArGoSoft FTP Server is still vuln + PoC exploit code (IHSTeam) c0d3r
[CLA-2005:946] Conectiva Security Announcement - MySQL Conectiva Updates
[USN-104-1] unshar vulnerability Martin Pitt
[ GLSA 200504-03 ] Dnsmasq: Poisoning and Denial of Service vulnerabilities Thierry Carrez
Disclosure of AS/400 user accounts via the FTP server Shalom Carmel
Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Son SonOfLilit
Re: Solaris 10 Containers / Zones Security Flaw Darren Reed
Re: AW: PayPal "security" measures David F. Russell
phpMyAdmin Cross-site Scripting Vulnerability Oriol Torrent Santiago
Re: AW: PayPal 'security' measures mike
RE: AW: PayPal "security" measures J B
Re: AW: PayPal "security" measures Rainer Duffner
RE: PayPal "security" measures McAllister, Andrew
Authenticaion bypass, Directory transversal and XSS vulnerabilities in PayProCart 3.0 - Profitcode Software dcrab

Tuesday, 05 April

gzip TOCTOU file-permissions vulnerability Imran Ghory
SQL INJECTION in LinksLinks Pro. PHPBB Mod. rock master
Logics Software BS2000 Host to Web Client ALL PLATFORMS Román Ramírez
[SECURITYREASON.COM] Full path disclosure and XSS in PHPNuke part 3 sp3x
FreeBSD Security Advisory FreeBSD-SA-05:02.sendfile FreeBSD Security Advisories
Sanboxed browsing and authentication credentials Max Moser
TSLSA-2005-0011 - kernel Trustix Security Advisor
iDEFENSE Labs Releases OllyDbg Breakpoint Manager iDEFENSE Labs
SQL INJECTION in DLMan Pro. PHPBB Mod. rock master
[USN-105-1] PHP4 vulnerabilities Martin Pitt
[USN-106-1] Gaim vulnerabilities Martin Pitt
[USN-107-1] racoon vulnerability Martin Pitt
Sybase ASE Multiple Security Issues (#NISR05042005) NGSSoftware Insight Security Research
[OpenPKG-SA-2005.005] OpenPKG Security Advisory (imapd) OpenPKG
iDEFENSE Security Advisory 04.05.05: Computer Associates eTrust Intrusion Detection System CPImportKey DoS iDEFENSE Labs
MailEnable Smtpd remote Dos [x0n3-h4ck] CorryL

Wednesday, 06 April

crontab from vixie-cron allows read other users crontabs Karol Więsek
[ GLSA 200504-05 ] Gaim: Denial of Service issues Luke Macken
[USN-109-1] MySQL vulnerability Martin Pitt
drone armies C&C report - March/2005 Gadi Evron
Microsoft Explorer Denial of Service Luca Ercoli
runcms/e-xoops 1.1A and below file upload vulnerability pokley
Cisco Security Advisory: Vulnerabilities in the Internet Key Exchange Xauth Implementation Cisco Systems Product Security Incident Response Team
OSX - trojan apps can bypass authentication controls and gain root privilages bert
Active Auction House has multiple Sql injection, error and XSS vulnerabilities dcrab
FreeBSD Security Advisory FreeBSD-SA-05:03.amd64 FreeBSD Security Advisories
[ GLSA 200504-04 ] mit-krb5: Multiple buffer overflows in telnet client Thierry Carrez
[USN-108-1] GDK vulnerability Martin Pitt
[NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure John Cobb
Re: crontab from vixie-cron allows read other users crontabs Richard Moore
RE: Microsoft Explorer Denial of Service Larry Seltzer
Cisco Security Advisory: Vulnerabilities in Cisco IOS Secure Shell Server Cisco Systems Product Security Incident Response Team
Re: Microsoft Explorer Denial of Service Des Ward
iDEFENSE Security Advisory 04.06.05: IBM Lotus Domino Server Web Service DoS Vulnerability iDEFENSE Labs
LiteCommerce Sql injection and reveling errors vulnerability dcrab
Re: PayPal "security" measures sh0rtie
[waraxe-2005-SA#041] - Critical Sql Injection in PhpNuke 6.x-7.6 Top module Janek Vind
RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure John Cobb
RE: PayPal "security" measures McAllister, Andrew
Re: OSX - trojan apps can bypass authentication controls and gain root privilages KF (lists)
RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure Ravish Ahuja

Thursday, 07 April

[ GLSA 200504-06 ] sharutils: Insecure temporary file creation Luke Macken
Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability Adam Back
[SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability chewkeong
Re: crontab from vixie-cron allows read other users crontabs David Malone
Re: crontab from vixie-cron allows read other users crontabs Gadi Evron
iDEFENSE Security Advisory 04.07.05: SGI IRIX gr_osview Information Disclosure Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 04.07.05: SGI IRIX gr_osview File Overwrite Vulnerability iDEFENSE Labs
[SECURITYREASON.COM] phpnuke 7.6 Multiple vulnerabilities in Downloads Module cXIb8O3.13 Maksymilian Arciemowicz
Macromedia Security Bulletin - ColdFusion MX 6.1 Macromedia Security Zone
[SECURITYREASON.COM] phpnuke 7.6 Multiple vulnerabilities in Web_Links Module cXIb8O3.14 Maksymilian Arciemowicz
OpenServer 5.0.6 OpenServer 5.0.7 : termsh atcronsh auditsh environment buffer overflows please_reply_to_security
UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : CDE dtlogin unspecified double free please_reply_to_security
UnixWare 7.1.4 : libtiff Multiple vulnerabilities please_reply_to_security
UnixWare 7.1.4 : cdrecord local root exploit please_reply_to_security
OpenServer 5.0.6 OpenServer 5.0.7 : cscope local attacker can remove arbitrary files please_reply_to_security

Friday, 08 April

MDKSA-2005:067 - Updated sharutils packages fix multiple vulnerabilities Mandrakelinux Security Team
Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3 dcrab
MacOSX Java Runtime Environment Remote Denial-of-Service (DoS) Vulnerability Marc Schoenefeld
MDKSA-2005:068 - Updated gtk+2.0 packages fix vulnerability Mandrakelinux Security Team
MDKSA-2005:069 - Updated gdk-pixbuf packages fix vulnerability Mandrakelinux Security Team
phpBB Upload Script "up.php" Arbitrary File Upload Status-x

Saturday, 09 April

PunBB <= 1.2.4 - change email to become admin exploit exploits () nopiracy de
Pafiledb ACTION Parameter XSS tom cruise
Double Choco Latte Remote Code Execution JeiAr
iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability iDEFENSE Labs
How to Report a Security Vulnerability to Microsoft Microsoft Security Response Center
UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : telnet client multiple issues please_reply_to_security

Monday, 11 April

[USN-110-1] Linux kernel vulnerabilities Martin Pitt
[ GLSA 200504-07 ] GnomeVFS, libcdaudio: CDDB response overflow Thierry Carrez
UPDATE: [ GLSA 200503-35 ] Smarty: Template vulnerability Thierry Carrez
OpenText FirstClass 8.0 Client Arbitrary File Execution dila
SUSE Security Announcement: various KDE security problems (SUSE-SA:2005:022) Marcus Meissner
================================ GNU Core Utilities race condition file-permissions vulnerability ================================ Software: mkdir, mknod, mkfifo Version: Part of GNU Core Utilities 5.2.1 Software URL: <http://www.gnu.org/software/cor Imran Ghory
Multiple ModernBill 4.3.0 And Earlier Vulnerabilities GulfTech Security Research
TowerBlog <= 0.6 Admin Account View [x0n3-h4ck] CorryL
Miranda IM and Miranda Installer Let Local Users Execute Arbitrary Code Kozan
Re: Microsoft Explorer Denial of Service Luca Ercoli
OpenOffice DOC document Heap Overflow lee xiaojun
RE: Miranda IM and Miranda Installer Let Local Users Execute Arbitrary Code Richard Stanway
Microsoft Windows image rendering DoS vuln Andrew
[WHITEPAPER] Bugger The Debugger Brett Moore
Sql injection in jPortal version 2.3.1 (module banner) Marcin "CiNU5" Krupowicz
Directory transversal, sql injection and xss vulnerabilities in RadBids Gold v2 dcrab
XV multiple buffer overflows (update) Greg Roelofs
rpdump TOCTOU file-permissions vulnerability Imran Ghory
rsnapshot Security Advisory 001 security
Microsoft Jet (msjet40.dll) Exploit Stuart Pearson

Tuesday, 12 April

7a69Adv#23 - Jar tool directory transversal vulnerability Pluf
WebCT 4.1 vulnerable to XSS attacks lacertosum
Sql injection in jPortal version 2.3.1 (module banner) Marcin "CiNU5" Krupowicz
iDEFENSE Security Advisory 04.12.05: Microsoft Windows CSRSS.EXE Stack Overflow Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 04.12.05: Microsoft MSHTA Script Execution Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 04.12.05: Microsoft Windows Internet Explorer Long Hostname Heap Corruption Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 04.12.05: Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability iDEFENSE Labs
Centra 7 XSS Exploit Clorox
IRM 011: Sygate,Security Agent (Sygate Secure Enterprise) Fail Open DoS IRM Advisories
eGroupWare Leaks Files Gerald Quakenbush
Remote Buffer Overflow in Lotus Domino Next Generation Insight Security Research (NGS Software)
Re: [SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12 Paul Laudanski
Re: Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3 Dionysios G. Synodinos
JavaMail allows directory traversal in attachments Rafael San Miguel Carrasco
QuickTime for Windows malformed GIF DoS liquid
[ GLSA 200504-09 ] Axel: Vulnerability in HTTP redirection handling vorlon
Re: Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3 Maksymilian Arciemowicz
DoKuWiki file-upload vulnerabilities kreon
Window Washer 6.0: False Sense of Security WBG Links
RE: iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability Larry Seltzer
WordPress XSS and HTML injection Nicolas Montoza

Wednesday, 13 April

GLD (Greylisting daemon for Postfix) multiple vulnerabilities. dong-hun you
Re: gzip TOCTOU file-permissions vulnerability Martin Pitt
zOOM Media Gallery - Simple SQL Injection discovery Andreas Constantinides
'Widcomm BTW (Microsoft Windows BT stack) Directory Transversal' KF (lists)
Patch available for critical Veritas i3 Server vulnerability NGSSoftware Insight Security Research
Gld 1.5 released (security fix) Salim Gasmi
Multiple medium risk flaws fixed in new version of PHP (late advisory) NGSSoftware Insight Security Research
Multiple High Risk flaws fixed in Oracle NGSSoftware Insight Security Research
IBM WebSphere Widespread configuration JSP disclosure SPI Labs
cpio TOCTOU file-permissions vulnerability Imran Ghory
[SECURITY] [DSA 707-1] New mysql packages fix several vulnerabilities Martin Schulze
Details and PoC for MS05-020 MSIE DHTML Object handling vulnerabilities Berend-Jan Wever
NetManage RUMBA 7.4 Profile Handling Multiple Buffer Overflow Vulnerabilities Bahaa Naamneh
[SECURITY] [DSA 706-1] New axel packages fix arbitrary code execution Martin Schulze
MDKSA-2005:070 - Updated MySQL packages fix vulnerability Mandrakelinux Security Team
ms05016 POC zwell zwell
[ GLSA 200504-10 ] Gld: Remote execution of arbitrary code Sune Kloppenborg Jeppesen
HTTP RESPONSE SPLITTING by Diabolic Crab dcrab
LG U8120 Mobile Phone Denial of Service Luca Ercoli
Re: gzip TOCTOU file-permissions vulnerability Derek Martin
Re: gzip TOCTOU file-permissions vulnerability Peter J. Holzer
Multiple Sql injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules. dcrab
[ GLSA 200504-11 ] JunkBuster: Multiple vulnerabilities Sune Kloppenborg Jeppesen
Windows kernel overflow fixed NGSSoftware Insight Security Research
Re: gzip TOCTOU file-permissions vulnerability Joey Hess
serendipity SQL Injection vulnerability kreon
[ GLSA 200504-12 ] rsnapshot: Local privilege escalation Thierry Carrez

Thursday, 14 April

Internet Explorer wininet.dll URL parsing memory corruption technical details 3APA3A
Re: gzip TOCTOU file-permissions vulnerability psz
MDKSA-2005:071 - Updated gaim packages fix multiple vulnerabilities Mandriva Security Team
All4WWW-Homepagecreator Remote Command Execution Francisco Alisson
sumus[v0.2.2]: (httpd) remote buffer overflow exploit. Vade 79
Security Contact for NetApp ? Fabrice Marie
Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup UniversalAgent buffer overflow vulnerability Williams, James K
Re: Security Contact for NetApp ? Antonio Varni
BCS Asia 2005 Slides and pictures Anthony Zboralski
Multiple multiple sql injection/errors and xss vulnerabilities in OneWorldStore dcrab
Re: serendipity SQL Injection vulnerability sebastian
Multiple vulnerabilities in Yager 5.24 Luigi Auriemma
Re: gzip TOCTOU file-permissions vulnerability Derek Martin
RE: gzip TOCTOU file-permissions vulnerability Mark Senior
Trojan file issue in Musicmatch software Hyperdose Security
Trusted Site Cross Site Scripting Elevation of Privilege in Musicmatch Hyperdose Security
Re: gzip TOCTOU file-permissions vulnerability Steve Grubb
Re: bzip2 TOCTOU file-permissions vulnerability Steve Grubb
Re: gzip TOCTOU file-permissions vulnerability Derek Martin
[USN-111-1] Squid vulnerability Martin Pitt
[USN-112-1] PHP4 vulnerabilities Martin Pitt

Friday, 15 April

FreeBSD Security Advisory FreeBSD-SA-05:04.ifconf FreeBSD Security Advisories
Improper log file storage in Musicmatch software Hyperdose Security
Re: gzip TOCTOU file-permissions vulnerability Theodor Milkov
[SECURITY] [DSA 709-1] New libexif packages fix arbitrary code execution Martin Schulze
[ GLSA 200504-13 ] OpenOffice.Org: DOC document Heap Overflow Sune Kloppenborg Jeppesen
windux-linux-gui-rainbow-lanman-cracker released Philippe Oechslin
[Overflow.pl] GOCR - Multiple vulnerabilities Overflow.pl
[SECURITY] [DSA 708-1] New PHP3 packages fix denial of service Martin Schulze
Enumeration of AS/400 users and their status via POP3 Shalom Carmel
Dameware NT Utilities and MiniRemote Control <= 4.9 vulnerability Jordi Corrales
Arbitrary file overwrite possible by Musicmatch ActiveX control Hyperdose Security
myBloggie 2.1.1 Francisco Alisson
Re: gzip TOCTOU file-permissions vulnerability devnull
[ GLSA 200504-14 ] monkeyd: Multiple vulnerabilities Sune Kloppenborg Jeppesen
Vulnerabilities in sphpblog echo staff
[ECHO_ADV_12$2005] Vulnerabilities in sphpblog echo staff
Re: gzip TOCTOU file-permissions vulnerability Peter J. Holzer
Mafia Blog Francisco Alisson
Re: gzip TOCTOU file-permissions vulnerability Scott Gifford
[Overflow.pl] Libsafe - Safety Check Bypass Vulnerability Overflow.pl
Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below dcrab
Re: Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below JeiAr

Saturday, 16 April

[DR001] AppleWebKit XMLHttpRequest arbitrary file disclosure vulnerability David Remahl
Re: Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below Paul Laudanski
phpBB datenbank mod has XSS/SQL Injection in the id variable tom cruise
Re: gzip TOCTOU file-permissions vulnerability Dmitry Yu. Bolkhovityanov
Re: ================================ GNU Core Utilities race condition file-permissions vulnerability ================================ Software: mkdir, mknod, mkfifo Version: Part of GNU Core Utilities 5. Pavel Kankovsky
Require many large corporate emails for contact regarding vulnerability. dcrab

Monday, 18 April

SUSE Security Announcement: cvs (SUSE-SA:2005:024) Sebastian Krahmer
Re: Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below Amit Klein (AKsecurity)
Vulnerability in Coppermine Photo Gallery 1.3.* GHC team
[ECL] Windows IP Options DoS POC [ECL] Yuri Gushin
Firelinking [Firefox 1.0.2] mikx
[ GLSA 200504-15 ] PHP: Multiple vulnerabilities Thierry Carrez
Firesearching 1 + 2 [Firefox 1.0.2] mikx
phpBB - Knowledge Base MOD - SQL-Injection and Full Path Disclosure deluxe
Re: HTTP RESPONSE SPLITTING by Diabolic Crab Amit Klein (AKsecurity)
[SECURITY] [DSA 710-1] New gtkhtml packages fix denial of service Martin Schulze
ERNW Security Advisory 01/2005 Mailinglists
[AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages Team SHATTER
[AppSecInc Team SHATTER Security Advisory] SQL Injection in CREATE_SCN_CHANGE_SET procedure Team SHATTER
[AppSecInc Team SHATTER Security Advisory] Denial of Service in Oracle interMedia Team SHATTER
[AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_METADATA package Team SHATTER
[AppSecInc Team SHATTER Security Advisory] SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure Team SHATTER
[ GLSA 200504-16 ] CVS: Multiple vulnerabilities Sune Kloppenborg Jeppesen
The first open source spyware gilbert nzeka

Tuesday, 19 April

iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability iDEFENSE Labs
- Argeniss - Oracle exploits and workarounds Cesar
MDKSA-2005:072 - Updated php packages fix multiple vulnerabilities Mandriva Security Team
[ GLSA 200504-17 ] XV: Multiple vulnerabilities Sune Kloppenborg Jeppesen
Portcullis Security Advisory 05-012 Ebay Session Riding Vulnerability Paul J Docherty
[SECURITY] [DSA 711-1] New info2www packages fix cross-site scripting vulnerability Martin Schulze
Re: cpio TOCTOU file-permissions vulnerability Steve G
Directoy Traversal Attack in apexec.pl (.%00./-Bug) msdarkflyer
RE: ERNW Security Advisory 01/2005 [ EXPLOIT ] cybertronic
UBB Thread printthread.php SQL Injection Hillel Himovich
File Selection May Lead to Command Execution (GM#015-IE) GreyMagic Security
[SECURITY] [DSA 712-1] New geneweb packages fix insecure file operations Martin Schulze
[ GLSA 200504-18 ] Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities Thierry Carrez
CAU - New Tool: hcraft - HTTP Vuln Request Crafter I)ruid
MS05-021 Microsoft Exchange X-LINK2STATE Heap Overflow PoC Evgeny Pinchuk
PAKCON II: Call for Papers (CfP - 2005) Ayaz Ahmed Khan
Announcing PAKCON II (2005)! Ayaz Ahmed Khan
RE: Portcullis Security Advisory 05-012 Ebay Session Riding Vulnerability GulfTech Security Research
Capital One's website inadvertently assists phishing Joseph Barillari

Wednesday, 20 April

[CLA-2005:947] Conectiva Security Announcement - MySQL Conectiva Updates
DUportal Pro 3.4 has MANY Sql injection and Sql Errors. dcrab
[SECURITY] [DSA 661-2] New f2c packages fix insecure temporary files Martin Schulze
SUSE Security Announcement: PostgreSQL buffer overflow problems (SUSE-SA-2005:027) Marcus Meissner
SUSE Security Announcement: RealPlayer buffer overflow in RAM file handling (SUSE-SA:2005:026) Marcus Meissner
[HSC Security Group] Ocean12 Calendar manager 1.01 SQL injection Zinho
[ GLSA 200504-19 ] MPlayer: Two heap overflow vulnerabilities Matthias Geerdsen
RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow Piotr Bania
Neslo Desktop Rover Remote DoS Vulnerability Adam Baldwin
ICMP attacks against TCP (Proof-of-Concept code) (MS05-019, CISCO:20050412) houseofdabus HOD
Multiple eGroupware Vulnerabilities GulfTech Security Research
RE: iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability Boyce, Nick
Multiple Security Issues Found In AZBB GulfTech Security Research
Re: Capital One's website inadvertently assists phishing Joseph Barillari
Re: Capital One's website inadvertently assists phishing Allen Parker
Annuaire Netref v4.2 [ fwrite php ] vulnerability jaguar
Ecommerce-Carts SQL injection vulnerability ( IHSTeam ) c0d3r
[waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3.2 Janek Vind
Shoutbox SCRIPT <= 3.0.2 Administrative MD5 Username and Password Retrieval [x0n3-h4ck] CorryL
Linux vsyscalls may be used as attack vectors Clad Strife
Secure Science Corporation Application Software Advisory 055 SSC Advisory Notice
[OpenPKG-SA-2005.006] OpenPKG Security Advisory (mysql) OpenPKG
Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Stephen Frost
gzip directory traversal vulnerability Imran Ghory
Re: Vulnerability in Coppermine Photo Gallery 1.3.* nibbler999
PMsoftware mini http server remote stack overflow exploit (IHSTeam) c0d3r
Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Stephen Frost
Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords David F. Skoll
cpio directory traversal vulnerability Imran Ghory
Linux vsyscalls may be used as attack vectors Clad Strife
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Jim C. Nasby
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Tom Lane
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Bruce Momjian
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Jim C. Nasby
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Tom Lane
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Tom Lane
Re: Microsoft Windows image rendering DoS vuln patrick

Thursday, 21 April

[PLSN-0004] - Buffer overflow in PostgreSQL Peachtree Linux Security Team
MDKSA-2005:076 - Updated xli packages fix multiple vulnerabilities Mandriva Security Team
MDKSA-2005:074 - Updated gnome-vfs2 packages fix vulnerability Mandriva Security Team
Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Josh Berkus
[SECURITY] [DSA 701-2] New samba packages fix correct sporadic crash Martin Schulze
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Joshua D. Drake
directory traversal in Yawcam 0.2.5 Donato Ferrante
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Tino Wildenhain
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Stephen Frost
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords David F. Skoll
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Stephen Frost
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Jim Knoble
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted Rod Taylor
MDKSA-2005:073 - Updated cvs packages fix vulnerability Mandriva Security Team
Vulnerability kali's tagboard piker piker
MDKSA-2005:075 - Updated libcdaudio1 packages fix vulnerability Mandriva Security Team
Re: Vulnerability kali's tagboard Jason Dodson
xine security announcement: multiple heap overflows in MMS and Real RTSP streaming clients Michael Roitzsch
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted Tino Wildenhain
RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Mike Fratto
Re: Microsoft Windows image rendering DoS vuln patrick
[SECURITY] [DSA 713-1] New junkbuster packages fix several vulnerabilities Martin Schulze
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Stephen Frost
[PLSN-0001] - Multiple PHP vulnerabilities Peachtree Linux Security Team
APG Classmaster Workstation Windows SMB share access vulnerability Alex Garrett
TSLSA-2005-0013 - cvs Trustix Security Advisor
MDKSA-2005:077 - Updated cdrecord packages fix vulnerability Mandriva Security Team
Canonicalization and directory traversal in iSeries FTP security products Shalom Carmel
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Lance James
[ GLSA 200504-20 ] openMosixview: Insecure temporary file creation Thierry Carrez
[PLSN-0002] - Multiple vulnerabilities in Gaim Peachtree Linux Security Team

Friday, 22 April

UPDATE: [ GLSA 200504-16 ] CVS: Multiple vulnerabilities Sune Kloppenborg Jeppesen
UPDATE: [ GLSA 200410-10 ] gettext: Insecure temporary file handling Sune Kloppenborg Jeppesen
[PLSN-0003] - Remote exploits in mplayer Peachtree Linux Security Team
Multiple Sql injection and XSS in Asp Nuke 0.80 (Working exploits included) dcrab
[KDE Security Advisory]: kimgio input validation errors Dirk Mueller
[KDE Security Advisory]: Kommander untrusted code execution Dirk Mueller
[PLSN-0002] - Multiple vulnerabilities in Gaim Peachtree Linux Security Team
[PLSN-0001] - Multiple vulnerabilities in Gaim Peachtree Linux Security Team
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Stephen Frost
Re: Microsoft Windows image rendering DoS vuln Randy
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted Michael Samuel
Multiple vulnerabilities in Argosoft Mail Server 1.8.7.6 ShineShadow
RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Mark Senior
RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Mike Fratto
RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Mike Fratto
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Bruno Wolff III
[PLSN-0003] - Remote exploits in MPlayer Peachtree Linux Security Team
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Jim Knoble
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Stephen Frost
[ GLSA 200504-21 ] RealPlayer, Helix Player: Buffer overflow vulnerability Thierry Carrez
[ GLSA 200504-22 ] KDE kimgio: PCX handling buffer overflow Sune Kloppenborg Jeppesen
[ GLSA 200504-23 ] Kommander: Insecure remote script execution Sune Kloppenborg Jeppesen
Microsoft Windows image rendering DoS vuln Luis Alberto Cortes Zavala
Re: Microsoft Windows image rendering DoS vuln Jesse Morgan
Re: RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow Göran Sandahl
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Antoine Martin
BitDefender 8 - Race condition vulnerability SecuBox fRoGGz
FreeBSD Security Advisory FreeBSD-SA-05:05.cvs FreeBSD Security Advisories
[SePro Bugtraq] WBB - WoltLab Burning Board <= 2.3.1 - XSS Vulnerability (22.04.05) deluxe

Saturday, 23 April

Multiple Sql injection vulnerabilities in BK Forum v.4 dcrab
ACSblog bug farhad koosha
New auto download / install / exploit URL? Gandalf The White
-==phpBB 2.0.14 Multiple Vulnerabilities==- HaCkZaTaN
artmedic_links5 remote file access exploit Adam n30n Simuntis
Multiple Sql injection and XSS in CartWIZ ASP Cart dcrab
E-Cart v1.1 Remote Command Execution Nicolas Montoza
Local file detection found through Adobe Reader ActiveX control Hyperdose Security
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted Antoine Martin
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted Stephen Frost

Monday, 25 April

TSLSA-2005-0015 - postgresql Trustix Security Advisor
[SNS Advisory No.80] nProtect:Netizen Arbitrary File Download Vulnerability snsadv
[CIRT.DK - Advisory] Novell Nsure Audit 1.0.1 Denial of Service CIRT.DK Advisory
remote command execution in inserter.cgi script fireboy fireboy
Sql Injection in Confixx 3.06 & 3.08 & 3.?? ? Erich Klaus
Re: -==phpBB 2.0.14 Multiple Vulnerabilities==- Paul Laudanski
DMA[2005-0423a] - 'Nokia Affix Bluetooth Integer Underflow' KF (lists)
Multiple SQL Injections in StorePortal 2.63 dcrab
remote command execution in include.cgi script fireboy fireboy
MS05-019 Windows IP options DoS exploit GomoR
[INetCop Security Advisory] Snmppd potentially format string vulnerability. dong-hun you
hyper.cgi script file show bug fireboy fireboy
remote command execution in citat.pl script fireboy fireboy
remote command execution in includer.cgi script fireboy fireboy
Possible XSS in User-Agent Nicolas Montoza
Yager <= 5.24 Remote Buffer Overflow Exploit cybertronic
E-Cart v1.1 Remote Command Execution Vulnerability Emanuele "z\" Gentili
[Overflow.pl] ImageMagick ReadPNMImage() Heap Overflow Damian Put
MailEnable HTTPS Buffer Overflow [x0n3-h4ck] CorryL
remote command execution in text.cgi script fireboy fireboy
Re: BitDefender 8 - Race condition vulnerability Ovidiu Constantin
index.cgi script XSS + file show fireboy fireboy
remote command execution in forum.pl script fireboy fireboy
RE: New auto download / install / exploit URL? Geoff Vass
WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05) admin
Re: [Full-disclosure] [VulnDiscuss] Re: -==phpBB 2.0.14 Multiple Vulnerabilities==-[Scanned] Dave Aitel
remote command execution in ad.cgi script fireboy fireboy
[ GLSA 200504-24 ] eGroupWare: XSS and SQL injection vulnerabilities Matthias Geerdsen
[security bulletin] SSRT5954 rev.0 HP-UX TCP/IP Remote Denial of Service (DoS) Boren, Rich (SSRT)
dBpowerAMP Auxiliary - Abnormal execution SecuBox fRoGGz
RE: Possible XSS in User-Agent Scovetta, Michael V
Re: index.cgi script XSS + file show D.C. van Moolenbroek

Tuesday, 26 April

[SECURITY] [DSA 714-1] New kdelibs packages fix arbitrary code execution Martin Schulze
iDEFENSE Security Advisory 04.26.05: Citrix Program Neighborhood Agent Buffer Overflow iDEFENSE Labs
iDEFENSE Security Advisory 04.26.05: Citrix Program Neighborhood Agent Arbitrary Shortcut Creation Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 04.26.05: MySQL MaxDB Webtool Remote 'If' Stack Overflow Vulnerability iDEFENSE Labs
Multiple SQL Injections in MetaCart e-Shop V-8 dcrab
Multiple SQL Injections in MetaCart2 for PayPal dcrab
Multiple SQL Injections in MetaCart2 for SQL Server Special Edition U.K dcrab
MetaCart2 for PayFlow Multiple Sql Injection Vulnerabilities dcrab
Multiple SQL Injections in MetaBid Auctions dcrab
E-Cart E-Commerce Software EXPLOIT Emanuele "z\" Gentili
[exploits] phpMyVisites 1.3 local file retrieval Max Cerny
GrayCMS php code injection Kold
tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS. Vade 79
tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits. Vade 79
[PLSN-0007] new libcdaudio package available Peachtree Linux Security Team
[PLSN-0006] new libexif package available Peachtree Linux Security Team
[PLSN-0005] new cvs package available Peachtree Linux Security Team
IE - cross site click detection? ViPeR
SQL-injections in Invision Power Board v2.0.1 CENSORED
[Hackers Center Security Group] Sqwebmail Http Splitting Vulnerability Zinho
Discovering and Stopping Phishing/Scam Attacks steven
[ GLSA 200504-25 ] Rootkit Hunter: Insecure temporary file creation Sune Kloppenborg Jeppesen
iDEFENSE Security Advisory 04.25.05: MySQL MaxDB Webtool Remote Stack Overflow Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 04.25.05: MySQL MaxDB Webtool Remote Lock-Token Stack Overflow Vulnerability iDEFENSE Labs
Re: New auto download / install / exploit URL? joke0
[ GLSA 200504-26 ] Convert-UUlib: Buffer overflow Sune Kloppenborg Jeppesen
ADV: NetTerm's NetFtpd 4.2.2 Buffer Overflow + PoC Exploit shadown
New Whitepaper: Stopping Automated Attack Tools Gunter Ollmann (NGS)

Wednesday, 27 April

SUSE Security Announcement: Mozilla Firefox, Mozilla various security problems (SUSE-SA:2005:028) Marcus Meissner
Black Hat USA 2005 Reminder CFP closing soon! Jeff Moss
[HSC Security Group] Comersus v6 Script injection Zinho
myPHP Forum v3 (possible v1 & 2 also) Identification 'spoof' Terencentanio Enache
Re: SQL-injections in Invision Power Board v2.0.1 Steven M. Christey
[SECURITY] [DSA 715-1] New cvs packages fix unauthorised repository access Martin Schulze
[ GLSA 200504-27 ] xine-lib: Two heap overflow vulnerabilities Thierry Carrez
[SECURITY] [DSA 717-1] New lsh packages fix several vulnerabilities Martin Schulze
[SECURITY] [DSA 716-1] New gaim packages fix denial of service Martin Schulze
[CLA-2005:950] Conectiva Security Announcement - evolution Conectiva Updates
[CLA-2005:949] Conectiva Security Announcement - gaim Conectiva Updates
SQL-injections in koobi-cms CENSORED
iDEFENSE Labs Releases dltrace iDEFENSE Labs
Privilege escalation in BakBone NetVault 7.1 Reed Arvin
Privilege escalation in BulletProof FTP Server v2.4.0.31 Reed Arvin
[CLA-2005:948] Conectiva Security Announcement - squid Conectiva Updates
Buffer overflow in KMiNT21 Software Golden FTP Server Pro v2.52 (10.04.2005) Reed Arvin
ZRCSA-200501 - Multiple vulnerabilities in Claroline Sieg Fried
RE: IE - cross site click detection? ViPeR
Re: Discovering and Stopping Phishing/Scam Attacks byte_jump
Re: Discovering and Stopping Phishing/Scam Attacks Crispin Cowan

Thursday, 28 April

Re: New auto download / install / exploit URL? Hermann Arens
Security contact at sourceforge? Joxean Koret
RE: Capital One's website inadvertently assists phishing Rager, Anton (Anton)
[ GLSA 200504-28 ] Heimdal: Buffer overflow vulnerabilities Sune Kloppenborg Jeppesen
[SECURITY] [DSA 718-2] New ethereal packages fix buffer overflow Martin Schulze
[SECURITY] [DSA 718-1] New ethereal packages fix buffer overflow Martin Schulze
High risk flaw in HP OpenView Radia Management Agent NGSSoftware Insight Security Research
Re: Vulnerability kali's tagboard security curmudgeon
phpBB Notes Mod SQL Injection Vulnerability GulfTech Security Research
Re: tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS. Romain Francoise
Re: tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits. Romain Francoise
OT: Two Factor Authentication on Linux / Mac / Windows Mohit Muthanna
Netflix Site may assist Phishing Sara Togian
[SECURITY] [DSA 719-1] New prozilla packages fix arbitrary code execution Martin Schulze
Borland Security Contact Dave Armstrong
Webcache Client Requests Bypass OHS mod_access Restrictions Alexander Kornbrust
insecure user account lam-runtime-7.0.6-2mdk rpm Scott Grayban
File appending vulnerability in Oracle Webcache 9i Alexander Kornbrust
Cross Site Scripting in Oracle Webcache 9i Administrator Application Alexander Kornbrust
[Security Bulletin] SSRT5958 rev.0 - HP OpenView Radia Mgmt. Portal (RMP) Radia Mgmt. Agent Remote unauthorized Privileged Access and (DoS) Boren, Rich (SSRT)
[HSC Security Group] Ocean12 Mailing List Manager Pro SQL injection Zinho
Cross Site Scripting in BEA Admin Console Alexander Kornbrust
Re: Security contact at sourceforge? Scott Grayban
Re: Vulnerability kali's tagboard Jesus
Re: Borland Security Contact KF (lists)
RE: Netflix Site may assist Phishing pak_ml
Re: New auto download / install / exploit URL? Nicob
DHS Security Contact Jason Coombs
Multiple Sql injections in phpCoin v1.2.2 and below dcrab
Safari HTTPS Overflow Gilbert Verdian
NY sues Spyware Intermix, funded by Tiaa-Cref Paul Laudanski

Friday, 29 April

Golden FTP Server Pro remote stack BOF exploit (IHSTeam) c0d3r
MDKSA-2005:080 - Updated libxpm4 packages fix libXpm vulnerabilities Mandriva Security Team
Multiples Full Path Disclosure in php-nuke 7.6 (and below) Luis Fernando
MDKSA-2005:079 - Updated perl packages to fix rmtree vulnerability Mandriva Security Team
MDKSA-2005:078 - Updated squid packages fix vulnerability Mandriva Security Team
[CAN-2005-1063] Administration protocol abuse leads to Service and System Denial of Service Secure Computer Group
[CAN-2005-1062] Administration protocol abuse allows local/remote password cracking Secure Computer Group
DEF CON - New CTF Organizers chosen! The Dark Tangent
Re: Safari HTTPS Overflow David Riley
Re: Safari HTTPS Overflow Braden Thomas
Re: [bugtraq] Re: Borland Security Contact Markus Stenzel
Mac OS X Cocktail 3.5.4 admin password disclosure sonderling
Snmppd SNMP proxy daemon format string exploit cybertronic
Apache hacks (./atac, d0s.txt) Andrew Y Ng