Bugtraq: by date
RSS Feed
About List
All Lists
Previous period
553 messages
starting Feb 28 05 and
ending Mar 31 05
Date index |
Thread index |
Author index
Monday, 28 February
Re: Office 10 applications & flashdrives can be used to browse restricted drives Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Re: Office 10 applications & flashdrives can be used to browse restricted drives Jay D. Dyson
7a69Adv#22 - UNIX unzip keep setuid and setgid files Albert Puigsech Galicia
Re: iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability Rainer Schöpf
WASC-Articles: 'The Insecure Indexing Vulnerability - Attacks Against Local Search Engines' By Amit Klein robert
iDEFENSE Security Advisory 02.28.05: KPPP Privileged File Descriptor Leak Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error iDEFENSE Labs
[Hat-Squad] GFI L.N.S.S 5.0 Insecure Credential Storage Hat-Squad Security Team
[SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3 Maksymilian Arciemowicz
[SECURITYREASON.COM] PostNuke Critical XSS 0.760-RC2=>x cXIb8O3.2 Maksymilian Arciemowicz
[SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x cXIb8O3.1 Maksymilian Arciemowicz
Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error Miles Beck
Firefox Software Update Kai Howells
Badblue HTTP Server Exploit Miguel Tarascó Acuña
Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files John Simpson
Tuesday, 01 March
[ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ] JoCaNoR SeCuRiTy TeaM
Re: BizMail 2.1 Spam Exploit Jason Frisvold
Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files Han Boetes
Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error dveditz
[SIG^2 G-TEC] RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure Vulnerabilities chewkeong
Kernelpanik Labs Digest 2005-2 Kernelpanik Labs - Security Lists
IObjectSafety and Internet Explorer Shane Hird
phpBB <= 2.0.12 UID Exploit federico gonzales
OpenServer 5.0.6 OpenServer 5.0.7 : A vulnerability in TCP please_reply_to_security
Re: Firefox Software Update Michael Hampton
427BB profile.php XSS vulnerability. Raven
[KDE Security Advisory] kppp Privileged fd Leak Vulnerability Dirk Mueller
Re: Firefox Software Update Matt Venzke
Re: Firefox Software Update Beau Henderson
Software PBLang 4.63 delpm.php authentication vulnerability Raven
Re: Firefox Software Update Adam Kane
427BB profile.php XSS vulnerability. Raven
Software PBLang 4.63 sendpm.php reply file read vulnerability Raven
Forumwa search.php xss vulnerability Raven
Re: [ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ] Maksymilian Arciemowicz
[ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ] Jose Pedro Andres
[ GLSA 200503-01 ] Qt: Untrusted library search path Sune Kloppenborg Jeppesen
Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files devnull
iDEFENSE Security Advisory 03.01.05: RealNetworks RealPlayer .smil Buffer Overflow Vulnerability Michael Sutton
PHP News <= 1.2.4 - Remote File Inclusion (VXSfx) Filip Groszynski
Re: Firefox Software Update Rainer Duffner
Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files exon
Re: Firefox Software Update Stan Bubrouski
[ GLSA 200503-03 ] Gaim: Multiple Denial of Service issues Sune Kloppenborg Jeppesen
[ GLSA 200503-04 ] phpWebSite: Arbitrary PHP execution and path disclosure Thierry Carrez
[ GLSA 200503-02 ] phpBB: Multiple vulnerabilities Thierry Carrez
Re: Firefox Software Update Kai Howells
[ GLSA 200502-33 ] MediaWiki: Multiple vulnerabilities Thierry Carrez
[USN-89-1] XML library vulnerabilities Martin Pitt
[USN-88-1] reportbug information disclosure Martin Pitt
[USN-86-1] cURL vulnerability Martin Pitt
[USN-87-1] Cyrus IMAP server vulnerability Martin Pitt
Re: Firefox Software Update Kurt Seifried
Wednesday, 02 March
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GCR Checksum Buffer Overflow iDEFENSE Labs
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GCR Network Buffer Overflow iDEFENSE Labs
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GETCONFIG Buffer Overflow iDEFENSE Labs
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client PUTOLF Directory Traversal iDEFENSE Labs
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client PUTOLF Buffer Overflow iDEFENSE Labs
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client and Server Invalid Command Buffer Overflow iDEFENSE Labs
License Patches Are Now Available To Address Buffer Overflows Williams, James K
[CLA-2005:926] Conectiva Security Announcement - mod_python Conectiva Updates
RealOne Player / Real .WAV Heap Overflow File Format Vulnerability Mark Litchfield
Foxmail server "USER" command Multiple remote buffer overflow Xin Ouyang
[FLSA-2005:2314] Updated XFree86 packages fix security flaws Dominic Hargreaves
Vulnerabilities in Aura CMS echo staff
[ GLSA 200503-05 ] xli, xloadimage: Multiple vulnerabilities Thierry Carrez
Re: Firefox Software Update Gilles DEMARTY
Golden Ftp server 1.29 Username remote Buffer Overflow Carlos Ulver
Security Advisory: Computalynx CProxy Server Multiple Remote Vulnerabilities Kristof Philipsen
iDEFENSE Labs Releases IDA Sync iDEFENSE Labs
Re: phpBB <= 2.0.12 UID Exploit Nicob
EEYE: Computer Associates License Manager Remote Vulnerabilities Karl Lynn
[SECURITY BULLETIN] SSRT4866 rev.0 MUP HP OpenVMS V6.x and V7.x privileged file access Boren, Rich (SSRT)
Thursday, 03 March
Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php Paisterist
[USN-90-1] Imagemagick vulnerability Martin Pitt
Re: SHA-1 broken Pavel Machek
Microsoft AntiSpyware Beta and Windows Scripting Host Joe Stocker
[XSS] paBox 1.6 Rift
[CLA-2005:928] Conectiva Security Announcement - clamav Conectiva Updates
TYPO3 SQL Injection vunerabilitie Fabian Becker
Microsoft Antispyware Beta window docking issue Jeroen van Rijn
My-forum.org cookies vulnerability - data bug Black Angel
Re: Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php vzmule
[ GLSA 200503-06 ] BidWatcher: Format string vulnerability Sune Kloppenborg Jeppesen
Re: TYPO3 SQL Injection vunerabilitie Dennis Shewmaker
[ GLSA 200503-07 ] phpMyAdmin: Multiple vulnerabilities Sune Kloppenborg Jeppesen
Re: Microsoft Antispyware Beta window docking issue Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
PHP News <= 1.2.4 - Remote File Inclusion Exploit mozako
Re: TYPO3 SQL Injection vunerabilitie Sebastian Wolfgarten
Friday, 04 March
RE: TYPO3 SQL Injection vunerabilitie GulfTech Security Research
GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability Hongzhen Zhou
Download Center Lite (DCL) - Arbitrary File Inclusion (VXSfx) Filip Groszynski
Re: GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability Frank Denis (Jedi/Sector One)
Re: TYPO3 SQL Injection vunerabilitie Michael Stucki
RE: Microsoft AntiSpyware Beta and Windows Scripting Host alex cottle
Re: TYPO3 3rd party extension (cmw_linklist) SQL Injection vunerability Michael Shigorin
Re: TYPO3 SQL Injection vunerabilitie Michael Shigorin
PHP Form Mail Script (2.3) - Arbitrary File Inclusion (VXSfx) Filip Groszynski
Re: TYPO3 SQL Injection vunerabilitie Karsten Dambekalns
-==phpBB 2.0.13 Full path disclosure==- HaCkZaTaN
[ GLSA 200503-08 ] OpenMotif, LessTif: New libXpm buffer overflows Thierry Carrez
[ GLSA 200503-09 ] xv: Filename handling vulnerability Thierry Carrez
[ GLSA 200503-10 ] Mozilla Firefox: Various vulnerabilities Thierry Carrez
Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2 Andrey Bayora
phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED- Wesley aka PPC
LOOKNMEET HTML INJECT EXPLOIT Wesley aka PPC
Saturday, 05 March
PaX privilege elevation security bug pageexec
MDKSA-2005:048 - Updated curl packages fix vulnerability Mandrakelinux Security Team
MDKSA-2005:049 - Updated gaim packages fix multiple vulnerabilities Mandrakelinux Security Team
MDKSA-2005:051 - Updated cyrus-imapd packages fix vulnerabilities Mandrakelinux Security Team
MDKSA-2005:052 - Updated kdegraphics packages fix vulnerabilities Mandrakelinux Security Team
MDKSA-2005:050 - Updated gftp packages fix vulnerability Mandrakelinux Security Team
Windows Server 2003 and XP SP2 LAND attack vulnerability Dejan Levaja
Re: Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php Some one
Monday, 07 March
[ GLSA 200503-13 ] mlterm: Integer overflow vulnerability Luke Macken
[SECURITY] [DSA 691-1] New abuse packages fix local root exploit Martin Schulze
Remote Command Execution Francisco Alisson
[ GLSA 200503-11 ] ImageMagick: Filename handling vulnerability Thierry Carrez
[ GLSA 200503-12 ] Hashcash: Format string vulnerability Thierry Carrez
[FLSA-2005:1748] Updated subversion packages fix security issues Marc Deslauriers
[FLSA-2005:2344] Updated php packages fix security issues Marc Deslauriers
[Hat-Squad] Computer-Associates, License Manager POC Exploit Hat-Squad Security Team
Real Realplayer 10 .smil local buffer overflow POC nolimit bugtraq
CIRT.DK Advisory - SafeNet Inc Sentinel License Manager 7.2.0.2 Buffer Overflow CIRT Advisory
Re: [Full-Disclosure] Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2 Trog
[USN-91-1] EXIF library vulnerability Martin Pitt
phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit thephuket
thoughts and a possible solution on homograph attacks Michael Roitzsch
Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED- Matthias
Gene6 FTP Server Local Privilege Escalation Vulnerability Sowhat
Re: GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability Hongzhen Zhou
Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher
Remote Testing SocialMPN Remote File Inclusion by y3dips echo staff
PHP Form Mail Script <= 2.3 arbitrary file inclusion exploit exploit mozako
vBulletin Worm - perl.Santy variant The Prohacker
phpBB 2.0.13 - user level exploit Some one
PHP-FUSION 5.* XSS VULNERABILITY FireSt0rm
drone armies C&C report - Feb/2005 Gadi Evron
Re: phpGiftReq SQL Injection Ryan Walberg
See-security advisory: Trillian Basic 3.0 PNG Processing Buffer overflow tal zeltzer
- Argeniss - Oracle Database Server Directory transversal Cesar
[CLA-2005:930] Conectiva Security Announcement - kernel Conectiva Updates
PHP mcNews <= 1.3 arbitrary file inclusion (VXSfx) Filip Groszynski
phpWebLog <= 0.5.3 arbitrary file inclusion (VXSfx) Filip Groszynski
[USN-92-1] LessTif vulnerabilities Martin Pitt
[ GLSA 200503-14 ] KDE dcopidlng: Insecure temporary file creation Sune Kloppenborg Jeppesen
Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability Hubert Chan
UnixWare 7.1.4 : Samba multiple security issues please_reply_to_security
Hosting Controller Multiple Unauthenticated information disclose small mouse
Re: thoughts and a possible solution on homograph attacks Michael Silk
Re: thoughts and a possible solution on homograph attacks Kevin Day
Re: thoughts and a possible solution on homograph attacks James Youngman
Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit comsatcat
Re: thoughts and a possible solution on homograph attacks Thomas Wana
UnixWare 7.1.4 : squid updated package fixes several security issues please_reply_to_security
Re: thoughts and a possible solution on homograph attacks Benjamin Franz
RE: thoughts and a possible solution on homograph attacks Scovetta, Michael V
iDEFENSE Labs Releases IDA RPC Enumerator iDEFENSE Labs
Re: Gene6 FTP Server Local Privilege Escalation Vulnerability Matthieu
Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit comsatcat
Tuesday, 08 March
Multiples Vulnerabilities Francisco Alisson
Re: [Full-Disclosure] Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2 Andrey Bayora
PE Multiple Remote Access Validation Vulnerabilities (Participate Systems Inc. / Outstart Inc.) Altrus Wollesen
Re: Remote Command Execution BoI base
RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability Walton, John Michael (John)
[SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation pokley
Re: thoughts and a possible solution on homograph attacks Dmitry Yu. Bolkhovityanov
Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher
Re: thoughts and a possible solution on homograph attacks Dmitry Yu. Bolkhovityanov
Re: Remote Command Execution BoI base
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability Patrick Chipman
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability paul14075
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability Grndahl
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability Miroslav Kubik
Re: thoughts and a possible solution on homograph attacks Denis Jedig
Re: thoughts and a possible solution on homograph attacks Michael Roitzsch
Re: thoughts and a possible solution on homograph attacks Mike Nice
[CLA-2005:931] Conectiva Security Announcement - squid Conectiva Updates
Multiple vulnerabilities in paFileDB sp3x
ArGoSoft FTP Server 1.4.2.8 Buffer Overflow CorryL
failles dans ProjectBB v0.4.5.1 benji
[SECURITY] [DSA 692-1] New kppp packages fix privileged file descriptor leak Martin Schulze
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability caldcv
Re: houghts and a possible solution on homograph attacks Sven Putteneers
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability killer_loop () mail com
Ethereal remote buffer overflow LSS Security
[FLSA-2005:2404] Updated less package fixes security issue Marc Deslauriers
[USN-93-1] Squid vulnerability Martin Pitt
Wednesday, 09 March
RE: Ethereal remote buffer overflow - addon LSS Security
Re: Ethereal remote buffer overflow Gerald Combs
Re: Ethereal remote buffer overflow Diego Giagio
[USN-94-1] Perl vulnerability Martin Pitt
[Security Bulletin] SSRT4891 rev.0 HP Tru64 UNIX message queue local denial of service (DoS) Boren, Rich (SSRT)
Update: MS05-011 EEYE: Windows SMB Client Transaction Response Handling Vulnerability Marc Maiffret
Thursday, 10 March
[Updated][FLSA-2005:2344] Updated php packages fix security issues Marc Deslauriers
Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability. Bipin Gautam
XCode 1.5 and distcc 2.x Exploit Ray Slakinski
iDEFENSE Security Advisory 03.10.05: Ipswitch Collaboration Suite IMAP EXAMINE Buffer Overflow Vulnerability iDEFENSE Labs
Wfsection 1.07 vulnerabilities kreon
RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Detection Services - IS Security
RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Evans, Arian
iDownload/iSearch responds to Spyware Critics Paul Laudanski
Re: houghts and a possible solution on homograph attacks Nick FitzGerald
Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher
Friday, 11 March
UBB.threads 6 SQL Injection kre0n
Security Masters Dojo Dragos Ruiu
Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Ryan Cummings
Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher
[SECURITYREASON.COM][phpBB 2.0.13 SQL error in session cXIb8O3.8] Maksymilian Arciemowicz
Re: Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability. secure
Saturday, 12 March
[ GLSA 200503-16 ] Ethereal: Multiple vulnerabilities Luke Macken
[SECURITYREASON.COM] SQL injection and XSS in paFileDB SecurityReason
PhotoPost PHP 5.0 RC3, and later, multiple vulnerabilities Igor Franchuk
[badroot.org] The Includer remote commands execution exploit Federico Ozak
[badroot.org] The Includer remote commands execution exploit mozako
Mysql CREATE FUNCTION mysql.func table arbitrary library injection Stefano Di Paola
summercon looking for speakers louis
Re: Thoughts and a possible solution on homograph attacks Paul Smith
[ GLSA 200503-15 ] X.org: libXpm vulnerability Matthias Geerdsen
Mysql CREATE FUNCTION libc arbitrary code execution. Stefano Di Paola
RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Daniel Cross
PlatinumFTP 1.0.18 remote DoS ports
[SECURITYREASON.COM] Mass Full Path Disclosure in paFileDB SecurityReason
Virginity Security Advisory 2005-001 : Hola CMS - File destruction and System access Virginity Security
RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Miguel Angel Rodríguez Jódar
aeNovo Database Content Disclosure Vulnerability farhad koosha
KnowledgeBase Francisco Alisson
Av issues Bipin Gautam
Re: [SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x cXIb8O3.1 Linux php
Ethereal remote buffer overflow #2 LSS Security
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability exon
Re: iDownload/iSearch responds to Spyware Critics bkfsec
[ GLSA 200503-17 ] libexif: Buffer overflow vulnerability Luke Macken
Monday, 14 March
[SECURITY] [DSA 662-2] New squirrelmail package fixes regression Martin Schulze
[CLA-2005:933] Conectiva Security Announcement - gaim Conectiva Updates
SUSE Security Announcement: openslp (SUSE-SA:2005:015) Sebastian Krahmer
[SECURITY] [DSA 693-1] New luxman packages fix local root exploit Martin Schulze
[HAT-SQUAD] SafeNet Sentinel LM, UDP License Manager Exploit class 101
LimeWire Gnutella client two vulnerabilities Kevin Walsh
New Version of WinBlox is Available Liu Die Yu
[ZH2005-02SA] Insecure tmp file creation in Wine Giovanni Delvecchio
Master RPC program number data base (/etc/rpc) Eilon Gishri
SimpGB SQL Injection Vulnerability Alexander Müller
[XSS] paBox 2.0 Rift
...::: hotforum.nl XSS exploit :::... Rebyte Security
Ethereal 0.10.9 and below remote root exploit Diego Giagio
3 XSS Vulnerabilities in Phorum <= 5.0.14 Jon Oberheide
Not SQL injection and XSS in paFileDB? saudi linux
[SECURITYREASON.COM] phpAdsNew 2.0.4-pr1 Multiple vulnerabilities cXIb8O3.9 Maksymilian Arciemowicz
YaBB2 rc1 XSS alireza hassani
"Drop to STARTUP Folder II" published on 2005/02/08 Liu Die Yu
DMA[2005-0310a] - 'Frank McIngvale LuxMan buffer overflow' Kevin Finisterre
iDEFENSE Security Advisory 03.14.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities iDEFENSE Labs
RE: Av issues David Webster
html code include in phpnuke news crash IE 6 WoRmZ Web
Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Dr. Peter Bieringer
PlantinumFTP server <= 1.0.18 Remote DOS exploit Exoduks
phpbb <= 2.0.12 uid vuln + admin_styles.php php code injection exploit bad boy
phpbb cookie admin access pureone
Re: html code include in phpnuke news crash IE 6 Berend-Jan Wever
Re: Av issues Thierry Zoller
Tuesday, 15 March
SAV9 Functionality Hole - misses virus files me3
Re: PlantinumFTP server <= 1.0.18 Remote DOS exploit Gary H. Jones II
Few remote bugs in zPanel Mik-
Virginity Security Advisory 2005-002 : Hola CMS - Another File destruction and System access Virginity Security
[ISR] - Novell iChain Mini FTP Server Valid User Disclosure Vulnerability Francisco Amato
[ISR] - Novell iChain Mini FTP Server Unauthorized Remote Path Disclosure Vulnerability Francisco Amato
[ISR] Insecure communication and Reproduce the Session authentication Francisco Amato
Re: SAV9 Functionality Hole - misses virus files Harry Hoffman
Denial of Service Vulnerability in MySQL Server for Windows Luca Ercoli
Re: Av issues Yves Belle-Isle
[ GLSA 200503-18 ] Ringtone Tools: Buffer overflow vulnerability Luke Macken
[USN-95-1] Linux kernel vulnerabilities Martin Pitt
UPDATE: [ GLSA 200501-38 ] Perl: rmtree and DBI tmpfile vulnerabilities Thierry Carrez
[ISR] - Novell iChain Mini FTP Server Bruteforce Problem Francisco Amato
RE: SAV9 Functionality Hole - misses virus files Polazzo Justin
Re: SAV9 Functionality Hole - misses virus files Ben Blakely
Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Rodrigo Barbosa
Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Dr. Peter Bieringer
Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning bipin gautam
Re: Thoughts and a possible solution on homograph attacks Riccardo Murri
GoodTech Telnet Server Buffer Overflow Vulnerability Komrade
RE: SAV9 Functionality Hole - misses virus files Dewyngaert Brian Contr ANG/C4
Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Dr. Peter Bieringer
Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Thierry Zoller
Re: Thoughts and a possible solution on homograph attacks Valdis . Kletnieks
Wednesday, 16 March
MDKSA-2005:053 - Updated ethereal packages fix multiple vulnerabilities Mandrakelinux Security Team
MDKSA-2005:054 - Updated cyrus-sasl packages fix vulnerability Mandrakelinux Security Team
MDKSA-2005:055 - Updated openslp packages fix multiple vulnerabilities Mandrakelinux Security Team
ADVISORY: DataRescue Interactive Disassembler Pro Debugger Format String Vulnerability Piotr Bania
Multiple KDE Security Advisories (2005-03-16) Waldo Bastian
PlatinumFTPserver format string vulnerability ( IHSTeam ) c0d3r
MDKSA-2005:056 - Updated koffice packages fix vulnerabilities on 64 bit platforms Mandrakelinux Security Team
SUSE Security Announcement: multiple Mozilla Firefox vulnerabilities (SUSE-SA:2005:016) Marcus Meissner
Re: Thoughts and a possible solution on homograph attacks Riccardo Murri
MDKSA-2005:057 - Updated gnupg packages fix vulnerability Mandrakelinux Security Team
Re: Thoughts and a possible solution on homograph attacks khockenb
[CLA-2005:934] Conectiva Security Announcement - kdenetwork Conectiva Updates
[USN-97-1] libxpm vulnerability Martin Pitt
Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Rodrigo Barbosa
Servers Alive: Local Privilege Escalation Michael Starks
SAV9 Functionality Hole - misses virus files secure
RE: SAV9 Functionality Hole - misses virus files batchelornpe
ASPjar Tell-a-Friend farhad koosha
[ GLSA 200503-20 ] curl: NTLM response buffer overflow Sune Kloppenborg Jeppesen
[ GLSA 200503-19 ] MySQL: Multiple vulnerabilities Sune Kloppenborg Jeppesen
[USN-96-1] mySQL vulnerabilities Martin Pitt
RE: Denial of Service Vulnerability in MySQL Server for Windows BugTrap
Re: Av issues bipin gautam
Re: GoodTech Telnet Server Buffer Overflow Vulnerability [EXPLOIT] cybertronic
Thursday, 17 March
LLSSRV Clarifications <Immunity> Dave Aitel
MDKSA-2005:059 - Updated evolution packages fix crasher Mandrakelinux Security Team
[ GLSA 200503-21 ] Grip: CDDB response overflow Luke Macken
See-security Advisory: Format string vulnerability in MailEnable 1.8 a a
[CLA-2005:937] Conectiva Security Announcement - cyrus-imapd Conectiva Updates
Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Tomasz Papszun
Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries() API specially crafted EMF file DOS vulnerability Hongzhen Zhou
XSS in ACS blog farhad koosha
PHP mcNews arbitrary file inclusion Jonathan Whiteley
MDKSA-2005:058 - Updated kdelibs packages fix multiple vulnerabilities Mandrakelinux Security Team
Re: PlatinumFTPserver format string vulnerability ( IHSTeam ) Gary H. Jones II
Another includer.cgi problem? cout
[USN-98-1] OpenSLP vulnerabilities Martin Pitt
LLSSRV Redux Dave Aitel
Kevin Walsh: LimeWire Gnutella client two vulnerabilities Ill will
Linux ISO9660 handling flaws Michal Zalewski
Friday, 18 March
Cain & Abel PSK Sniffer Heap overflow Gary O'leary-Steele
Re: Windows Security Checklists - 10 Parts Paul Laudanski
Re: [Full-disclosure] Social Engineering: You Have Been A Victim Ron DuFresne
Security Contact at RSA? Gary O'leary-Steele
[PersianHacker.NET 200503-09]PHPOpenChat v3.x XSS Multiple Vulnerability PersianHacker Team
myPHP Forum v1, 2 & 3 Terencentanio Enache
Social Engineering: You Have Been A Victim Paul Laudanski
possible SQL injection in Subdreamer GHC team
Re: Linux ISO9660 handling flaws Dan Yefimov
Re: SAV9 Functionality Hole - misses virus files patrickwm71
[USN-99-1] PHP4 vulnerabilities Martin Pitt
runcms installation path Majid NT
runcms highlight.php hole Majid NT
PHP-Post Exploit Terencentanio Enache
Java Web Start argument injection vulnerability Jouko Pynnonen
[phpbb <= 2.0.13 full path disclosure & directory listing] JoCaNoR SeCuRiTy TeaM
Re: SAV9 Functionality Hole - misses virus files secure
IceCast up to v2.20 multiple vulnerabilities Patrick
RE: [phpbb <= 2.0.13 full path disclosure & directory listing] Paul S. Owen
Saturday, 19 March
[ GLSA 200503-22 ] KDE: Local Denial of Service Sune Kloppenborg Jeppesen
Ciamos Installation path(IHS) Majid NT
Ciamos Highlight.php Security Hole(IHS) Majid NT
[PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability PersianHacker Team
OllyDbg long process Module debug Vulnerability ATmaCA ATmaCA
Monday, 21 March
[ GLSA 200503-23 ] rxvt-unicode: Buffer overflow Sune Kloppenborg Jeppesen
[ GLSA 200503-24 ] LTris: Buffer overflow Sune Kloppenborg Jeppesen
Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off Eitan Caspi
Re: Few remote bugs in zPanel Kris Anderson
[ GLSA 200503-26 ] Sylpheed, Sylpheed-claws: Message reply overflow Luke Macken
-==CoolForum Path Disclosure & Possible SQL Injection==- HaCkZaTaN
[CLA-2005:940] Conectiva Security Announcement - curl Conectiva Updates
2 vulnerabilities in BetaParticle farhad koosha
TSL-2005-0009 - multi Trustix Security Advisor
[SECURITY] [DSA 695-1] New xli packages fix several vulnerabilities Martin Schulze
Fw: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability Sheldon King
Fw: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability Sheldon King
-==PVDasm Long Name Debug Vulnerability==- HaCkZaTaN
Re: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability Sheldon King
phpMyFamily 1.4.0 SQL vulnerabilities kreon
Re: Thoughts and a possible solution on homograph attacks Duncan Simpson
[ GLSA 200503-25 ] OpenSLP: Multiple buffer overflows Thierry Carrez
[ GLSA 200503-27 ] Xzabite dyndnsupdate: Multiple vulnerabilities Thierry Carrez
Details of Sybase ASE bugs withheld NGSSoftware Insight Security Research
phpMyFamily 1.4.0 SQL vulnerabilities kre0n
New Whitepaper: Anti Brute Force Resource Metering Gunter Ollmann (NGS)
Re: [VulnWatch] Details of Sybase ASE bugs withheld Halvar Flake
Re: [VulnWatch] Details of Sybase ASE bugs withheld David Litchfield
iDEFENSE Security Advisory 03.21.05: Mac OS X CF_CHARSET_PATH Buffer Overflow Vulnerability iDefense Customer Service
Re: [VulnWatch] Details of Sybase ASE bugs withheld sean
SecurityForest Exploitation Framework Beta has been released! Alon Swartz
Re: [ISN] How To Save The Internet Jason Coombs
Tuesday, 22 March
Re: Thoughts and a possible solution on homograph attacks Nick FitzGerald
MDKSA-2005:060 - Updated MySQL packages fix multiple vulnerabilities Mandrakelinux Security Team
Kayako eSupport Cross Site Scripting GulfTech Security Research
Mac OSX[CF_CHARSET_PATH]: local root exploit. Vade 79
Nortel VPN Client Issue: Clear-text password stored in memory Roy Hills
RUXCON 2005 Call for Papers RUXCON Call for Papers
[SECURITY] [DSA 696-1] New perl packages fix privilege escalation Martin Schulze
Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off BoneMachine
Possible windows+python bug liquid
[ Positive Technologies #SA] Phorum "location" HTTP Response Splitting Vulnerability Alexander Anisimov
Re: New Whitepaper: Anti Brute Force Resource Metering Amit Klein (AKsecurity)
Black Hat Briefings & Trainings: Registration now open! Jeff Moss
osCommerce File Manager Directory Traversal Vulnerability Megasky
RE: [VulnWatch] Details of Sybase ASE bugs withheld Marchand, Tom
RE: [ISN] How To Save The Internet David Gillett
Re: [VulnWatch] Details of Sybase ASE bugs withheld sean
RE: [VulnWatch] Details of Sybase ASE bugs withheld Chris Wysopal
Re: Possible windows+python bug Neil Schemenauer
RE: [VulnWatch] Details of Sybase ASE bugs withheld Marchand, Tom
Re: Possible windows+python bug azurIt
root-equivalent groups psz
Re: [ISN] How To Save The Internet Jason Coombs
Re: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off Eitan Caspi
Security Development Lifecycle Whitepaper Available Michael Howard
Wednesday, 23 March
[SIG^2 G-TEC] SurgeMail Webmail Attachment Upload and XSS Vulnerabilities chewkeong
Re: [VulnWatch] Details of Sybase ASE bugs withheld Simple Nomad
Re: New Whitepaper: Anti Brute Force Resource Metering Peter J. Holzer
RE: [VulnWatch] Details of Sybase ASE bugs withheld http-equiv () excite com
Re: [VulnWatch] Details of Sybase ASE bugs withheld Peter J. Holzer
Re: Possible windows+python bug liquid
Re: New Whitepaper: Anti Brute Force Resource Metering Gunter Ollmann
Backdoors in AS/400 emulations allow the server to attack connected PC workstations Shalom Carmel
Re: Details of Sybase ASE bugs withheld Jay Libove
SUSE Security Announcement: ImageMagick problems (SUSE-SA:2005:017) Marcus Meissner
Notacon: Apr. 8-10, 2005 in Cleveland, OH Froggy
Re: Possible windows+python bug Kinnell
Re: [ISN] How To Save The Internet Thor (Hammer of God)
Interspire ArticleLive 2005 (php version) is vulnerable to XSS mircia mircia
Re: osCommerce File Manager Directory Traversal Vulnerability Aikanáro Calaelen
Vortex Portal Francisco Alisson
RE: Possible windows+python bug Peter Oswald
RE: Java Web Start argument injection vulnerability James C Slora Jr
[SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11 Maksymilian Arciemowicz
RE: [ISN] How To Save The Internet Arndt . WA
RE: Details of Sybase ASE bugs withheld Evans, Arian
Re: [ISN] How To Save The Internet Derek Martin
RE: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off Scrimsher, John P
Thursday, 24 March
Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB Alberto Trivero
Black Hat Briefings & Trainings: Registration now open! Jeff Moss
Hashcash in mail (was: New Whitepaper: Anti Brute Force Resource Metering) Peter J. Holzer
Oracle Reports Server 10g Vulnerable to XSS Paolo Paolo
Firescrolling 2 [Firefox 1.0.1] mikx
SUSE Security Announcement: several kernel security problems (SUSE-SA:2005:018) Marcus Meissner
SUSE Security Announcement: MySQL vulnerabilities (SUSE-SA:2005:019) Marcus Meissner
Re: New Whitepaper: Anti Brute Force Resource Metering Jason W
[USN-100-1] cdrecord vulnerability Martin Pitt
Re: Firescrolling 2 [Firefox 1.0.1] John Madden
[USN-99-2] Fixed php4 packages for USN-99-1 Martin Pitt
Secure Science issues preview of their upcoming block cipher BugTraq
[ GLSA 200503-29 ] GnuPG: OpenPGP protocol attack Thierry Carrez
[ GLSA 200503-28 ] Sun Java: Web Start argument injection vulnerability Thierry Carrez
LogicLibrary BugScan VSR,Trillian 2.0, 3.0 and 3.1 Matt Hargett
Which anti-spyware cleaner is the best? Paul Laudanski
Friday, 25 March
Security Flaw with Digital signatures in Microsoft Outlook Roberto Franceschetti
Re: New Whitepaper: Anti Brute Force Resource Metering Joachim Schipper
Re: Secure Science issues preview of their upcoming block cipher Adam Shostack
phpMyDirectory 10.1.3-rel Cross site scripting mircia mircia
RX250305 - OpenMosixView : Multiple Race conditions - advisory and exploit rexolab
Re: New Whitepaper: Anti Brute Force Resource Metering Amit Klein (AKsecurity)
smail remote and local root holes sean
Netcomm 1300NB DSL Modem Denial of Service Chris Rock
Re: Secure Science issues preview of their upcoming block cipher Jerrold Leichter
Re: Secure Science issues preview of their upcoming block cipher David Covin
RE: Security Flaw with Digital signatures in Microsoft Outlook Adrian Floarea
Re: [bugtraq] Security Flaw with Digital signatures in Microsoft Outlook Erwann ABALEA
[FLSA-2005:2155] Updated sharutils package fixes security issues Marc Deslauriers
[FLSA-2005:2129] Updated mysql packages fix security issues Marc Deslauriers
[FLSA-2005:2268] Updated spamassassin package fixes security issues Marc Deslauriers
Re: [FLSA-2005:2129] Updated mysql packages fix security issues Ventsislav Genchev
Re: [FLSA-2005:2129] Updated mysql packages fix security issues Ventsislav Genchev
[ GLSA 200503-30 ] Mozilla Suite: Multiple vulnerabilities Thierry Carrez
[ GLSA 200503-33 ] IPsec-Tools: racoon Denial of Service Matthias Geerdsen
TCP timestamp & advanced fingerprinting Erwan Arzur
Re: Secure Science issues preview of their upcoming block cipher Ralf-Philipp Weinmann
phpbb 2.0.13 Exploit (bug) tOnk3r
Saturday, 26 March
ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6 Gerardo Astharot Di Giacomo
AS/400 LDAP user accounts disclosure Shalom Carmel
QuickTime malformed JPEG buffer overflow liquid
RE: [bugtraq] Security Flaw with Digital signatures in Microsoft Outlook Lyal Collins
Re: New Whitepaper: Anti Brute Force Resource Metering Luca Berra
File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition dcrab
Re: Security Flaw with Digital signatures in Microsoft Outlook Anthony G. Atkielski
Re: Secure Science issues preview of their upcoming block cipher devnull
Re: smail remote and local root holes (no, not really ;-) Greg A. Woods
RE: TCP timestamp & advanced fingerprinting Bruce Klein
Brute-Force scanning the entire 32-bit IP space using Javascript. cyber_flash
Re: smail remote and local root holes (no, really ;-) sean
Monday, 28 March
FreeBSD Security Advisory FreeBSD-SA-05:01.telnet FreeBSD Security Advisories
iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client env_opt_add() Buffer Overflow Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability iDEFENSE Labs
[CLA-2005:942] Conectiva Security Announcement - ethereal Conectiva Updates
[ GLSA 200503-34 ] mpg321: Format string vulnerability Sune Kloppenborg Jeppesen
Buffer-overflow in Tincat 2 minor than 2.0.28 (Sacred, Settlers 5 and others) Luigi Auriemma
Re: ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6 Paul Laudanski
Multiple sql injection, and xss vulnerabilities in Vladersoft Shopping Cart v.3.0 dcrab
Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software. dcrab
local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5 advisories
Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum (E-XOOPS) dcrab
Re: smail remote and local root holes (really, it is exploitable) sean
[USN-101-1] telnet vulnerabilities Martin Pitt
Multiple XSS vulnerabilities in ACS Blog Dan Crowley
Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software dcrab
RE: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off Eitan Caspi
Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability Solar Designer
Multiple XSS issues in Sun AnswerBook2 B00B00
phishing sites report - March/2005 Gadi Evron
Tuesday, 29 March
Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability Tavis Ormandy
DoS of LAN via D-Link switches Frank Bures
Re: phishing sites report - March/2005 Gadi Evron
[SECURITY] [DSA 698-1] New mc packages fix buffer overflow Martin Schulze
Re: phishing sites report - March/2005 Paul Laudanski
THai's Shoutbox XSS (Spoofing URL) BUG CorryL
[SECURITY] [DSA 699-1] New netkit-telnet-ssl packages fix arbitrary code execution Martin Schulze
[USN-102-1] shar vulnerabilities Martin Pitt
Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum (E-XOOPS) dcrab
Multiple sql injection, and xss vulnerabilities in AspApp dcrab
MITKRB5-SA-2005-001: buffer overflows in telnet client Tom Yu
RE: DoS of LAN via D-Link switches David Gillett
Re: TCP timestamp & advanced fingerprinting Erwan Arzur
directory traversal in FastStone 4in1 Browser 1.2 Donato Ferrante
Invision Power Board v2.0.3 XSS vulnerabilities hoang yen
Multiple sql injection, and xss vulnerabilities in PortalApp dcrab
Code insertion in Blogger comments Antone Roundy
[SECURITY] [DSA 697-1] New netkit-telnet packages fix arbitrary code execution Martin Schulze
Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability Gaël Delalleau
Re: Security Flaw with Digital signatures in Microsoft Outlook dori
[PersianHacker.NET 200503-12]Chatness 2.5.1 and prior XSS Vulnerabilities PersianHacker Team
RE: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software. GulfTech Security Research
Code insertion in Blogger comments Antone Roundy
abuse & security issues > Israel Gadi Evron
Multiple XSS vulnerabilities in ACS Blog Dan Crowley
Re: DoS of LAN via D-Link switches Tarmo Mamers
Multiple phpCoin Vulnerabilities GulfTech Security Research
[PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior Multiple Vulnerbilities PersianHacker Team
Portcullis Security Advisory 05-011 ACPI 1.6 BIOS Paul J Docherty
Wednesday, 30 March
MDKSA-2005:061 - Updated krb5 packages fix telnet client vulnerability Mandrakelinux Security Team
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack Cisco Systems Product Security Incident Response Team
[ GLSA 200503-35 ] Smarty: Template vulnerability Thierry Carrez
RE: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS Paul J Docherty
Re: DoS of LAN via D-Link switches Neil Watson
Re: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software. dcrab
[SECURITY] [DSA 700-1] New mailreader packages fix cross-site scripting vulnerability Martin Schulze
Re: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS Kurt Seifried
Multiple sql injection, and xss vulnerabilities in Pay pal Storefront Diabolic Crab
PaFileDB Version 3.1 and below are exploitable via a XSS and a SQL injection vulnerability dcrab
Thursday, 31 March
[CLA-2005:945] Conectiva Security Announcement - kernel Conectiva Updates
[SECURITY] [DSA 701-1] New samba packages fix arbitrary code execution Martin Schulze
bzip2 TOCTOU file-permissions vulnerability Imran Ghory
Re: DoS of LAN via D-Link switches Joel Maslak
cPanel/WHM demo account problems Richard Stanway
Vendor Response to Portculis Advisory 05-002: Spectrum Cash Receipting System Paul J Docherty
Re: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS Chris Paget
RE: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS Paul J Docherty
[ GLSA 200503-36 ] netkit-telnetd: Buffer overflow Thierry Carrez
MDKSA-2005:064 - Updated libexif packages fix vulnerability Mandrakelinux Security Team
[ GLSA 200503-37 ] LimeWire: Disclosure of sensitive information Thierry Carrez
MX Shop 1.1.1 and MX Kart 1.1.2 are vulnerable to multiple SQL injection vulnerabilities dcrab
MDKSA-2005:062 - Updated ipsec-tools packages fix vulnerability Mandrakelinux Security Team
MDKSA-2005:063 - Updated htdig packages fix vulnerability Mandrakelinux Security Team
Bay Technical Associates telnet server logon bypass nolimit bugtraq
Re: Bay Technical Associates telnet server logon bypass Michael Brennen
Re: DoS of LAN via D-Link switches Scott Nelson
RE: eBay Account Phishing with eBay Redirect - Ebay fixed this + related XSS hole Rager, Anton (Anton)
WindowsXP malformed .wmf files DoS liquid
RE: Invision Power Board v2.0.3 XSS vulnerabilities alex
Re: cPanel/WHM demo account problems Beau Henderson