Bugtraq: by thread

• RSS Feed
• About List
• All Lists

Previous period

Next period

553 messages starting Feb 28 05 and ending Mar 31 05
Date index | Thread index | Author index

• Re: Office 10 applications & flashdrives can be used to browse restricted drives Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Feb 28)
  • Re: Office 10 applications & flashdrives can be used to browse restricted drives Jay D. Dyson (Feb 28)
• 7a69Adv#22 - UNIX unzip keep setuid and setgid files Albert Puigsech Galicia (Feb 28)
  • Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files John Simpson (Feb 28)
    • Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files Han Boetes (Mar 01)
      • Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files devnull (Mar 01)
      • Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files exon (Mar 01)
• Re: iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability Rainer Schöpf (Feb 28)
• WASC-Articles: 'The Insecure Indexing Vulnerability - Attacks Against Local Search Engines' By Amit Klein robert (Feb 28)
• iDEFENSE Security Advisory 02.28.05: KPPP Privileged File Descriptor Leak Vulnerability iDEFENSE Labs (Feb 28)
• iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error iDEFENSE Labs (Feb 28)
  • Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error Miles Beck (Feb 28)
  • <Possible follow-ups>
  • Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error dveditz (Mar 01)
• [Hat-Squad] GFI L.N.S.S 5.0 Insecure Credential Storage Hat-Squad Security Team (Feb 28)
• [SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3 Maksymilian Arciemowicz (Feb 28)
• [SECURITYREASON.COM] PostNuke Critical XSS 0.760-RC2=>x cXIb8O3.2 Maksymilian Arciemowicz (Feb 28)
• [SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x cXIb8O3.1 Maksymilian Arciemowicz (Feb 28)
  • Re: [SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x cXIb8O3.1 Linux php (Mar 12)
• Firefox Software Update Kai Howells (Feb 28)
  • Re: Firefox Software Update Michael Hampton (Mar 01)
    • Re: Firefox Software Update Stan Bubrouski (Mar 01)
  • Re: Firefox Software Update Matt Venzke (Mar 01)
  • Re: Firefox Software Update Beau Henderson (Mar 01)
  • Re: Firefox Software Update Adam Kane (Mar 01)
    • Re: Firefox Software Update Kai Howells (Mar 01)
      • Re: Firefox Software Update Gilles DEMARTY (Mar 02)
  • Re: Firefox Software Update Kurt Seifried (Mar 01)
    • Re: Firefox Software Update Rainer Duffner (Mar 01)
• Badblue HTTP Server Exploit Miguel Tarascó Acuña (Feb 28)
• [ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ] JoCaNoR SeCuRiTy TeaM (Mar 01)
  • <Possible follow-ups>
  • Re: [ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ] Maksymilian Arciemowicz (Mar 01)
  • [ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ] Jose Pedro Andres (Mar 01)
• Re: BizMail 2.1 Spam Exploit Jason Frisvold (Mar 01)
• [SIG^2 G-TEC] RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure Vulnerabilities chewkeong (Mar 01)
• Kernelpanik Labs Digest 2005-2 Kernelpanik Labs - Security Lists (Mar 01)
• IObjectSafety and Internet Explorer Shane Hird (Mar 01)
• phpBB <= 2.0.12 UID Exploit federico gonzales (Mar 01)
  • Re: phpBB <= 2.0.12 UID Exploit Nicob (Mar 02)
• OpenServer 5.0.6 OpenServer 5.0.7 : A vulnerability in TCP please_reply_to_security (Mar 01)
• 427BB profile.php XSS vulnerability. Raven (Mar 01)
  • <Possible follow-ups>
  • 427BB profile.php XSS vulnerability. Raven (Mar 01)
• [KDE Security Advisory] kppp Privileged fd Leak Vulnerability Dirk Mueller (Mar 01)
• Software PBLang 4.63 delpm.php authentication vulnerability Raven (Mar 01)
• Software PBLang 4.63 sendpm.php reply file read vulnerability Raven (Mar 01)
• Forumwa search.php xss vulnerability Raven (Mar 01)
• [ GLSA 200503-01 ] Qt: Untrusted library search path Sune Kloppenborg Jeppesen (Mar 01)
• iDEFENSE Security Advisory 03.01.05: RealNetworks RealPlayer .smil Buffer Overflow Vulnerability Michael Sutton (Mar 01)
• PHP News <= 1.2.4 - Remote File Inclusion (VXSfx) Filip Groszynski (Mar 01)
• [ GLSA 200503-03 ] Gaim: Multiple Denial of Service issues Sune Kloppenborg Jeppesen (Mar 01)
• [ GLSA 200503-04 ] phpWebSite: Arbitrary PHP execution and path disclosure Thierry Carrez (Mar 01)
• [ GLSA 200503-02 ] phpBB: Multiple vulnerabilities Thierry Carrez (Mar 01)
• [ GLSA 200502-33 ] MediaWiki: Multiple vulnerabilities Thierry Carrez (Mar 01)
• [USN-89-1] XML library vulnerabilities Martin Pitt (Mar 01)
• [USN-88-1] reportbug information disclosure Martin Pitt (Mar 01)
• [USN-86-1] cURL vulnerability Martin Pitt (Mar 01)
• [USN-87-1] Cyrus IMAP server vulnerability Martin Pitt (Mar 01)
• iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GCR Checksum Buffer Overflow iDEFENSE Labs (Mar 02)
• iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GCR Network Buffer Overflow iDEFENSE Labs (Mar 02)
• iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GETCONFIG Buffer Overflow iDEFENSE Labs (Mar 02)
• iDEFENSE Security Advisory 03.02.05: Computer Associates License Client PUTOLF Directory Traversal iDEFENSE Labs (Mar 02)
• iDEFENSE Security Advisory 03.02.05: Computer Associates License Client PUTOLF Buffer Overflow iDEFENSE Labs (Mar 02)
• iDEFENSE Security Advisory 03.02.05: Computer Associates License Client and Server Invalid Command Buffer Overflow iDEFENSE Labs (Mar 02)
• License Patches Are Now Available To Address Buffer Overflows Williams, James K (Mar 02)
• [CLA-2005:926] Conectiva Security Announcement - mod_python Conectiva Updates (Mar 02)
• RealOne Player / Real .WAV Heap Overflow File Format Vulnerability Mark Litchfield (Mar 02)
• Foxmail server "USER" command Multiple remote buffer overflow Xin Ouyang (Mar 02)
• [FLSA-2005:2314] Updated XFree86 packages fix security flaws Dominic Hargreaves (Mar 02)
• Vulnerabilities in Aura CMS echo staff (Mar 02)
• [ GLSA 200503-05 ] xli, xloadimage: Multiple vulnerabilities Thierry Carrez (Mar 02)
• Golden Ftp server 1.29 Username remote Buffer Overflow Carlos Ulver (Mar 02)
• Security Advisory: Computalynx CProxy Server Multiple Remote Vulnerabilities Kristof Philipsen (Mar 02)
• iDEFENSE Labs Releases IDA Sync iDEFENSE Labs (Mar 02)
• EEYE: Computer Associates License Manager Remote Vulnerabilities Karl Lynn (Mar 02)
• [SECURITY BULLETIN] SSRT4866 rev.0 MUP HP OpenVMS V6.x and V7.x privileged file access Boren, Rich (SSRT) (Mar 02)
• Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php Paisterist (Mar 03)
  • Re: Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php vzmule (Mar 03)
  • <Possible follow-ups>
  • Re: Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php Some one (Mar 05)
• [USN-90-1] Imagemagick vulnerability Martin Pitt (Mar 03)
• Re: SHA-1 broken Pavel Machek (Mar 03)
• Microsoft AntiSpyware Beta and Windows Scripting Host Joe Stocker (Mar 03)
  • RE: Microsoft AntiSpyware Beta and Windows Scripting Host alex cottle (Mar 04)
• [XSS] paBox 1.6 Rift (Mar 03)
• [CLA-2005:928] Conectiva Security Announcement - clamav Conectiva Updates (Mar 03)
• TYPO3 SQL Injection vunerabilitie Fabian Becker (Mar 03)
  • Re: TYPO3 SQL Injection vunerabilitie Sebastian Wolfgarten (Mar 03)
    • RE: TYPO3 SQL Injection vunerabilitie GulfTech Security Research (Mar 04)
    • Re: TYPO3 SQL Injection vunerabilitie Michael Shigorin (Mar 04)
  • Re: TYPO3 3rd party extension (cmw_linklist) SQL Injection vunerability Michael Shigorin (Mar 04)
  • <Possible follow-ups>
  • Re: TYPO3 SQL Injection vunerabilitie Dennis Shewmaker (Mar 03)
  • Re: TYPO3 SQL Injection vunerabilitie Michael Stucki (Mar 04)
  • Re: TYPO3 SQL Injection vunerabilitie Karsten Dambekalns (Mar 04)
• Microsoft Antispyware Beta window docking issue Jeroen van Rijn (Mar 03)
  • Re: Microsoft Antispyware Beta window docking issue Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Mar 03)
• My-forum.org cookies vulnerability - data bug Black Angel (Mar 03)
• [ GLSA 200503-06 ] BidWatcher: Format string vulnerability Sune Kloppenborg Jeppesen (Mar 03)
• [ GLSA 200503-07 ] phpMyAdmin: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Mar 03)
• PHP News <= 1.2.4 - Remote File Inclusion Exploit mozako (Mar 03)
• GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability Hongzhen Zhou (Mar 04)
  • Re: GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability Frank Denis (Jedi/Sector One) (Mar 04)
  • <Possible follow-ups>
  • Re: GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability Hongzhen Zhou (Mar 07)
• Download Center Lite (DCL) - Arbitrary File Inclusion (VXSfx) Filip Groszynski (Mar 04)
• PHP Form Mail Script (2.3) - Arbitrary File Inclusion (VXSfx) Filip Groszynski (Mar 04)
• -==phpBB 2.0.13 Full path disclosure==- HaCkZaTaN (Mar 04)
• [ GLSA 200503-08 ] OpenMotif, LessTif: New libXpm buffer overflows Thierry Carrez (Mar 04)
• [ GLSA 200503-09 ] xv: Filename handling vulnerability Thierry Carrez (Mar 04)
• [ GLSA 200503-10 ] Mozilla Firefox: Various vulnerabilities Thierry Carrez (Mar 04)
• Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2 Andrey Bayora (Mar 04)
  • Re: [Full-Disclosure] Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2 Trog (Mar 07)
    • Re: [Full-Disclosure] Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2 Andrey Bayora (Mar 08)
• phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED- Wesley aka PPC (Mar 04)
  • Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED- Matthias (Mar 07)
• LOOKNMEET HTML INJECT EXPLOIT Wesley aka PPC (Mar 04)
• PaX privilege elevation security bug pageexec (Mar 05)
• MDKSA-2005:048 - Updated curl packages fix vulnerability Mandrakelinux Security Team (Mar 05)
• MDKSA-2005:049 - Updated gaim packages fix multiple vulnerabilities Mandrakelinux Security Team (Mar 05)
• MDKSA-2005:051 - Updated cyrus-imapd packages fix vulnerabilities Mandrakelinux Security Team (Mar 05)
• MDKSA-2005:052 - Updated kdegraphics packages fix vulnerabilities Mandrakelinux Security Team (Mar 05)
• MDKSA-2005:050 - Updated gftp packages fix vulnerability Mandrakelinux Security Team (Mar 05)
• Windows Server 2003 and XP SP2 LAND attack vulnerability Dejan Levaja (Mar 05)
  • <Possible follow-ups>
  • Re: Windows Server 2003 and XP SP2 LAND attack vulnerability paul14075 (Mar 08)
  • Re: Windows Server 2003 and XP SP2 LAND attack vulnerability Grndahl (Mar 08)
  • Re: Windows Server 2003 and XP SP2 LAND attack vulnerability caldcv (Mar 08)
  • RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Detection Services - IS Security (Mar 10)
    • RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Miguel Angel Rodríguez Jódar (Mar 12)
  • RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Evans, Arian (Mar 10)
  • RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Daniel Cross (Mar 12)
• [ GLSA 200503-13 ] mlterm: Integer overflow vulnerability Luke Macken (Mar 07)
• [SECURITY] [DSA 691-1] New abuse packages fix local root exploit Martin Schulze (Mar 07)
• Remote Command Execution Francisco Alisson (Mar 07)
  • Re: Remote Command Execution BoI base (Mar 08)
  • Re: Remote Command Execution BoI base (Mar 08)
• [ GLSA 200503-11 ] ImageMagick: Filename handling vulnerability Thierry Carrez (Mar 07)
• [ GLSA 200503-12 ] Hashcash: Format string vulnerability Thierry Carrez (Mar 07)
  • <Possible follow-ups>
  • Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability Hubert Chan (Mar 07)
• [FLSA-2005:1748] Updated subversion packages fix security issues Marc Deslauriers (Mar 07)
• [FLSA-2005:2344] Updated php packages fix security issues Marc Deslauriers (Mar 07)
• [Hat-Squad] Computer-Associates, License Manager POC Exploit Hat-Squad Security Team (Mar 07)
• Real Realplayer 10 .smil local buffer overflow POC nolimit bugtraq (Mar 07)
• CIRT.DK Advisory - SafeNet Inc Sentinel License Manager 7.2.0.2 Buffer Overflow CIRT Advisory (Mar 07)
• [USN-91-1] EXIF library vulnerability Martin Pitt (Mar 07)
• phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit thephuket (Mar 07)
  • Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit comsatcat (Mar 07)
  • Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit comsatcat (Mar 07)
• thoughts and a possible solution on homograph attacks Michael Roitzsch (Mar 07)
  • Re: thoughts and a possible solution on homograph attacks Michael Silk (Mar 07)
  • Re: thoughts and a possible solution on homograph attacks Kevin Day (Mar 07)
    • Re: thoughts and a possible solution on homograph attacks Dmitry Yu. Bolkhovityanov (Mar 08)
      • Re: thoughts and a possible solution on homograph attacks Michael Roitzsch (Mar 08)
    • Re: thoughts and a possible solution on homograph attacks Denis Jedig (Mar 08)
  • Re: thoughts and a possible solution on homograph attacks James Youngman (Mar 07)
  • Re: thoughts and a possible solution on homograph attacks Thomas Wana (Mar 07)
  • Re: thoughts and a possible solution on homograph attacks Benjamin Franz (Mar 07)
  • Re: thoughts and a possible solution on homograph attacks Dmitry Yu. Bolkhovityanov (Mar 08)
  • <Possible follow-ups>
  • RE: thoughts and a possible solution on homograph attacks Scovetta, Michael V (Mar 07)
    • Re: thoughts and a possible solution on homograph attacks Mike Nice (Mar 08)
    • Re: houghts and a possible solution on homograph attacks Sven Putteneers (Mar 08)
      • Re: houghts and a possible solution on homograph attacks Nick FitzGerald (Mar 10)
      • Re: Thoughts and a possible solution on homograph attacks Paul Smith (Mar 12)
      • Re: Thoughts and a possible solution on homograph attacks Riccardo Murri (Mar 15)
      • Re: Thoughts and a possible solution on homograph attacks Valdis . Kletnieks (Mar 15)
      • Re: Thoughts and a possible solution on homograph attacks khockenb (Mar 16)
      • Re: Thoughts and a possible solution on homograph attacks Riccardo Murri (Mar 16)
  • Re: Thoughts and a possible solution on homograph attacks Duncan Simpson (Mar 21)
    • Re: Thoughts and a possible solution on homograph attacks Nick FitzGerald (Mar 22)
• Gene6 FTP Server Local Privilege Escalation Vulnerability Sowhat (Mar 07)
  • <Possible follow-ups>
  • Re: Gene6 FTP Server Local Privilege Escalation Vulnerability Matthieu (Mar 07)
• Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher (Mar 07)
  • Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher (Mar 08)
  • Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher (Mar 10)
    • Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Ryan Cummings (Mar 11)
      • Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability Atom Smasher (Mar 11)
• Remote Testing SocialMPN Remote File Inclusion by y3dips echo staff (Mar 07)
• PHP Form Mail Script <= 2.3 arbitrary file inclusion exploit exploit mozako (Mar 07)
• vBulletin Worm - perl.Santy variant The Prohacker (Mar 07)
• phpBB 2.0.13 - user level exploit Some one (Mar 07)
• PHP-FUSION 5.* XSS VULNERABILITY FireSt0rm (Mar 07)
• drone armies C&C report - Feb/2005 Gadi Evron (Mar 07)
• Re: phpGiftReq SQL Injection Ryan Walberg (Mar 07)
• See-security advisory: Trillian Basic 3.0 PNG Processing Buffer overflow tal zeltzer (Mar 07)
• - Argeniss - Oracle Database Server Directory transversal Cesar (Mar 07)
• [CLA-2005:930] Conectiva Security Announcement - kernel Conectiva Updates (Mar 07)
• PHP mcNews <= 1.3 arbitrary file inclusion (VXSfx) Filip Groszynski (Mar 07)
• phpWebLog <= 0.5.3 arbitrary file inclusion (VXSfx) Filip Groszynski (Mar 07)
• [USN-92-1] LessTif vulnerabilities Martin Pitt (Mar 07)
• [ GLSA 200503-14 ] KDE dcopidlng: Insecure temporary file creation Sune Kloppenborg Jeppesen (Mar 07)
• UnixWare 7.1.4 : Samba multiple security issues please_reply_to_security (Mar 07)
• Hosting Controller Multiple Unauthenticated information disclose small mouse (Mar 07)
• UnixWare 7.1.4 : squid updated package fixes several security issues please_reply_to_security (Mar 07)
• iDEFENSE Labs Releases IDA RPC Enumerator iDEFENSE Labs (Mar 07)
• Multiples Vulnerabilities Francisco Alisson (Mar 08)
• PE Multiple Remote Access Validation Vulnerabilities (Participate Systems Inc. / Outstart Inc.) Altrus Wollesen (Mar 08)
• RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability Walton, John Michael (John) (Mar 08)
• [SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation pokley (Mar 08)
• [CLA-2005:931] Conectiva Security Announcement - squid Conectiva Updates (Mar 08)
• Multiple vulnerabilities in paFileDB sp3x (Mar 08)
• ArGoSoft FTP Server 1.4.2.8 Buffer Overflow CorryL (Mar 08)
• failles dans ProjectBB v0.4.5.1 benji (Mar 08)
• [SECURITY] [DSA 692-1] New kppp packages fix privileged file descriptor leak Martin Schulze (Mar 08)
• Ethereal remote buffer overflow LSS Security (Mar 08)
  • Re: Ethereal remote buffer overflow Gerald Combs (Mar 09)
  • Re: Ethereal remote buffer overflow Diego Giagio (Mar 09)
• [FLSA-2005:2404] Updated less package fixes security issue Marc Deslauriers (Mar 08)
• [USN-93-1] Squid vulnerability Martin Pitt (Mar 08)
• RE: Ethereal remote buffer overflow - addon LSS Security (Mar 09)
• [USN-94-1] Perl vulnerability Martin Pitt (Mar 09)
• [Security Bulletin] SSRT4891 rev.0 HP Tru64 UNIX message queue local denial of service (DoS) Boren, Rich (SSRT) (Mar 09)
• Update: MS05-011 EEYE: Windows SMB Client Transaction Response Handling Vulnerability Marc Maiffret (Mar 09)
• [Updated][FLSA-2005:2344] Updated php packages fix security issues Marc Deslauriers (Mar 10)
• Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability. Bipin Gautam (Mar 10)
  • <Possible follow-ups>
  • Re: Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability. secure (Mar 11)
• XCode 1.5 and distcc 2.x Exploit Ray Slakinski (Mar 10)
• iDEFENSE Security Advisory 03.10.05: Ipswitch Collaboration Suite IMAP EXAMINE Buffer Overflow Vulnerability iDEFENSE Labs (Mar 10)
• Wfsection 1.07 vulnerabilities kreon (Mar 10)
• iDownload/iSearch responds to Spyware Critics Paul Laudanski (Mar 10)
  • Re: iDownload/iSearch responds to Spyware Critics bkfsec (Mar 12)
• UBB.threads 6 SQL Injection kre0n (Mar 11)
• Security Masters Dojo Dragos Ruiu (Mar 11)
• [SECURITYREASON.COM][phpBB 2.0.13 SQL error in session cXIb8O3.8] Maksymilian Arciemowicz (Mar 11)
• [ GLSA 200503-16 ] Ethereal: Multiple vulnerabilities Luke Macken (Mar 12)
• [SECURITYREASON.COM] SQL injection and XSS in paFileDB SecurityReason (Mar 12)
• PhotoPost PHP 5.0 RC3, and later, multiple vulnerabilities Igor Franchuk (Mar 12)
• [badroot.org] The Includer remote commands execution exploit Federico Ozak (Mar 12)
  • <Possible follow-ups>
  • [badroot.org] The Includer remote commands execution exploit mozako (Mar 12)
• Mysql CREATE FUNCTION mysql.func table arbitrary library injection Stefano Di Paola (Mar 12)
• summercon looking for speakers louis (Mar 12)
• [ GLSA 200503-15 ] X.org: libXpm vulnerability Matthias Geerdsen (Mar 12)
• Mysql CREATE FUNCTION libc arbitrary code execution. Stefano Di Paola (Mar 12)
• PlatinumFTP 1.0.18 remote DoS ports (Mar 12)
• [SECURITYREASON.COM] Mass Full Path Disclosure in paFileDB SecurityReason (Mar 12)
• Virginity Security Advisory 2005-001 : Hola CMS - File destruction and System access Virginity Security (Mar 12)
• aeNovo Database Content Disclosure Vulnerability farhad koosha (Mar 12)
• KnowledgeBase Francisco Alisson (Mar 12)
• Av issues Bipin Gautam (Mar 12)
  • <Possible follow-ups>
  • RE: Av issues David Webster (Mar 14)
    • Re: Av issues Thierry Zoller (Mar 14)
      • Re: Av issues Yves Belle-Isle (Mar 15)
  • Re: Av issues bipin gautam (Mar 16)
• Ethereal remote buffer overflow #2 LSS Security (Mar 12)
• [ GLSA 200503-17 ] libexif: Buffer overflow vulnerability Luke Macken (Mar 12)
• [SECURITY] [DSA 662-2] New squirrelmail package fixes regression Martin Schulze (Mar 14)
• [CLA-2005:933] Conectiva Security Announcement - gaim Conectiva Updates (Mar 14)
• SUSE Security Announcement: openslp (SUSE-SA:2005:015) Sebastian Krahmer (Mar 14)
• [SECURITY] [DSA 693-1] New luxman packages fix local root exploit Martin Schulze (Mar 14)
• [HAT-SQUAD] SafeNet Sentinel LM, UDP License Manager Exploit class 101 (Mar 14)
• LimeWire Gnutella client two vulnerabilities Kevin Walsh (Mar 14)
• New Version of WinBlox is Available Liu Die Yu (Mar 14)
• [ZH2005-02SA] Insecure tmp file creation in Wine Giovanni Delvecchio (Mar 14)
• Master RPC program number data base (/etc/rpc) Eilon Gishri (Mar 14)
• SimpGB SQL Injection Vulnerability Alexander Müller (Mar 14)
• [XSS] paBox 2.0 Rift (Mar 14)
• ...::: hotforum.nl XSS exploit :::... Rebyte Security (Mar 14)
• Ethereal 0.10.9 and below remote root exploit Diego Giagio (Mar 14)
• 3 XSS Vulnerabilities in Phorum <= 5.0.14 Jon Oberheide (Mar 14)
• Not SQL injection and XSS in paFileDB? saudi linux (Mar 14)
• [SECURITYREASON.COM] phpAdsNew 2.0.4-pr1 Multiple vulnerabilities cXIb8O3.9 Maksymilian Arciemowicz (Mar 14)
• YaBB2 rc1 XSS alireza hassani (Mar 14)
• "Drop to STARTUP Folder II" published on 2005/02/08 Liu Die Yu (Mar 14)
• DMA[2005-0310a] - 'Frank McIngvale LuxMan buffer overflow' Kevin Finisterre (Mar 14)
• iDEFENSE Security Advisory 03.14.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities iDEFENSE Labs (Mar 14)
• html code include in phpnuke news crash IE 6 WoRmZ Web (Mar 14)
  • Re: html code include in phpnuke news crash IE 6 Berend-Jan Wever (Mar 14)
• Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Dr. Peter Bieringer (Mar 14)
  • Message not available
    • Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Dr. Peter Bieringer (Mar 15)
  • <Possible follow-ups>
  • Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Thierry Zoller (Mar 15)
• PlantinumFTP server <= 1.0.18 Remote DOS exploit Exoduks (Mar 14)
  • Re: PlantinumFTP server <= 1.0.18 Remote DOS exploit Gary H. Jones II (Mar 15)
• phpbb <= 2.0.12 uid vuln + admin_styles.php php code injection exploit bad boy (Mar 14)
• phpbb cookie admin access pureone (Mar 14)
• SAV9 Functionality Hole - misses virus files me3 (Mar 15)
  • Re: SAV9 Functionality Hole - misses virus files Harry Hoffman (Mar 15)
  • Re: SAV9 Functionality Hole - misses virus files Ben Blakely (Mar 15)
  • RE: SAV9 Functionality Hole - misses virus files batchelornpe (Mar 16)
  • <Possible follow-ups>
  • RE: SAV9 Functionality Hole - misses virus files Polazzo Justin (Mar 15)
  • RE: SAV9 Functionality Hole - misses virus files Dewyngaert Brian Contr ANG/C4 (Mar 15)
  • SAV9 Functionality Hole - misses virus files secure (Mar 16)
  • Re: SAV9 Functionality Hole - misses virus files patrickwm71 (Mar 18)
  • Re: SAV9 Functionality Hole - misses virus files secure (Mar 18)
• Few remote bugs in zPanel Mik- (Mar 15)
  • <Possible follow-ups>
  • Re: Few remote bugs in zPanel Kris Anderson (Mar 21)
• Virginity Security Advisory 2005-002 : Hola CMS - Another File destruction and System access Virginity Security (Mar 15)
• [ISR] - Novell iChain Mini FTP Server Valid User Disclosure Vulnerability Francisco Amato (Mar 15)
• [ISR] - Novell iChain Mini FTP Server Unauthorized Remote Path Disclosure Vulnerability Francisco Amato (Mar 15)
• [ISR] Insecure communication and Reproduce the Session authentication Francisco Amato (Mar 15)
• Denial of Service Vulnerability in MySQL Server for Windows Luca Ercoli (Mar 15)
  • <Possible follow-ups>
  • RE: Denial of Service Vulnerability in MySQL Server for Windows BugTrap (Mar 16)
• [ GLSA 200503-18 ] Ringtone Tools: Buffer overflow vulnerability Luke Macken (Mar 15)
• [USN-95-1] Linux kernel vulnerabilities Martin Pitt (Mar 15)
• UPDATE: [ GLSA 200501-38 ] Perl: rmtree and DBI tmpfile vulnerabilities Thierry Carrez (Mar 15)
• [ISR] - Novell iChain Mini FTP Server Bruteforce Problem Francisco Amato (Mar 15)
• Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Dr. Peter Bieringer (Mar 15)
  • Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Rodrigo Barbosa (Mar 15)
    • Message not available
      • Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Rodrigo Barbosa (Mar 16)
      • Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning Tomasz Papszun (Mar 17)
  • <Possible follow-ups>
  • Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning bipin gautam (Mar 15)
• GoodTech Telnet Server Buffer Overflow Vulnerability Komrade (Mar 15)
• MDKSA-2005:053 - Updated ethereal packages fix multiple vulnerabilities Mandrakelinux Security Team (Mar 16)
• MDKSA-2005:054 - Updated cyrus-sasl packages fix vulnerability Mandrakelinux Security Team (Mar 16)
• MDKSA-2005:055 - Updated openslp packages fix multiple vulnerabilities Mandrakelinux Security Team (Mar 16)
• ADVISORY: DataRescue Interactive Disassembler Pro Debugger Format String Vulnerability Piotr Bania (Mar 16)
• Multiple KDE Security Advisories (2005-03-16) Waldo Bastian (Mar 16)
• PlatinumFTPserver format string vulnerability ( IHSTeam ) c0d3r (Mar 16)
  • Re: PlatinumFTPserver format string vulnerability ( IHSTeam ) Gary H. Jones II (Mar 17)
• MDKSA-2005:056 - Updated koffice packages fix vulnerabilities on 64 bit platforms Mandrakelinux Security Team (Mar 16)
• SUSE Security Announcement: multiple Mozilla Firefox vulnerabilities (SUSE-SA:2005:016) Marcus Meissner (Mar 16)
• MDKSA-2005:057 - Updated gnupg packages fix vulnerability Mandrakelinux Security Team (Mar 16)
• [CLA-2005:934] Conectiva Security Announcement - kdenetwork Conectiva Updates (Mar 16)
• [USN-97-1] libxpm vulnerability Martin Pitt (Mar 16)
• Servers Alive: Local Privilege Escalation Michael Starks (Mar 16)
• ASPjar Tell-a-Friend farhad koosha (Mar 16)
• [ GLSA 200503-20 ] curl: NTLM response buffer overflow Sune Kloppenborg Jeppesen (Mar 16)
• [ GLSA 200503-19 ] MySQL: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Mar 16)
• [USN-96-1] mySQL vulnerabilities Martin Pitt (Mar 16)
• Re: GoodTech Telnet Server Buffer Overflow Vulnerability [EXPLOIT] cybertronic (Mar 16)
• LLSSRV Clarifications <Immunity> Dave Aitel (Mar 17)
• MDKSA-2005:059 - Updated evolution packages fix crasher Mandrakelinux Security Team (Mar 17)
• [ GLSA 200503-21 ] Grip: CDDB response overflow Luke Macken (Mar 17)
• See-security Advisory: Format string vulnerability in MailEnable 1.8 a a (Mar 17)
• [CLA-2005:937] Conectiva Security Announcement - cyrus-imapd Conectiva Updates (Mar 17)
• Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries() API specially crafted EMF file DOS vulnerability Hongzhen Zhou (Mar 17)
• XSS in ACS blog farhad koosha (Mar 17)
• PHP mcNews arbitrary file inclusion Jonathan Whiteley (Mar 17)
• MDKSA-2005:058 - Updated kdelibs packages fix multiple vulnerabilities Mandrakelinux Security Team (Mar 17)
• Another includer.cgi problem? cout (Mar 17)
• [USN-98-1] OpenSLP vulnerabilities Martin Pitt (Mar 17)
• LLSSRV Redux Dave Aitel (Mar 17)
• Kevin Walsh: LimeWire Gnutella client two vulnerabilities Ill will (Mar 17)
• Linux ISO9660 handling flaws Michal Zalewski (Mar 17)
  • Re: Linux ISO9660 handling flaws Dan Yefimov (Mar 18)
• Cain & Abel PSK Sniffer Heap overflow Gary O'leary-Steele (Mar 18)
• Re: Windows Security Checklists - 10 Parts Paul Laudanski (Mar 18)
• Security Contact at RSA? Gary O'leary-Steele (Mar 18)
• [PersianHacker.NET 200503-09]PHPOpenChat v3.x XSS Multiple Vulnerability PersianHacker Team (Mar 18)
• myPHP Forum v1, 2 & 3 Terencentanio Enache (Mar 18)
• Social Engineering: You Have Been A Victim Paul Laudanski (Mar 18)
  • Re: [Full-disclosure] Social Engineering: You Have Been A Victim Ron DuFresne (Mar 18)
• possible SQL injection in Subdreamer GHC team (Mar 18)
• [USN-99-1] PHP4 vulnerabilities Martin Pitt (Mar 18)
• runcms installation path Majid NT (Mar 18)
• runcms highlight.php hole Majid NT (Mar 18)
• PHP-Post Exploit Terencentanio Enache (Mar 18)
• Java Web Start argument injection vulnerability Jouko Pynnonen (Mar 18)
  • RE: Java Web Start argument injection vulnerability James C Slora Jr (Mar 23)
• [phpbb <= 2.0.13 full path disclosure & directory listing] JoCaNoR SeCuRiTy TeaM (Mar 18)
  • RE: [phpbb <= 2.0.13 full path disclosure & directory listing] Paul S. Owen (Mar 18)
• IceCast up to v2.20 multiple vulnerabilities Patrick (Mar 18)
• [ GLSA 200503-22 ] KDE: Local Denial of Service Sune Kloppenborg Jeppesen (Mar 19)
• Ciamos Installation path(IHS) Majid NT (Mar 19)
• Ciamos Highlight.php Security Hole(IHS) Majid NT (Mar 19)
• [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability PersianHacker Team (Mar 19)
  • <Possible follow-ups>
  • Fw: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability Sheldon King (Mar 21)
  • Fw: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability Sheldon King (Mar 21)
  • Re: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability Sheldon King (Mar 21)
• OllyDbg long process Module debug Vulnerability ATmaCA ATmaCA (Mar 19)
• [ GLSA 200503-23 ] rxvt-unicode: Buffer overflow Sune Kloppenborg Jeppesen (Mar 21)
• [ GLSA 200503-24 ] LTris: Buffer overflow Sune Kloppenborg Jeppesen (Mar 21)
• Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off Eitan Caspi (Mar 21)
  • <Possible follow-ups>
  • Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off BoneMachine (Mar 22)
  • Re: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off Eitan Caspi (Mar 22)
  • RE: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off Scrimsher, John P (Mar 23)
  • RE: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off Eitan Caspi (Mar 28)
• [ GLSA 200503-26 ] Sylpheed, Sylpheed-claws: Message reply overflow Luke Macken (Mar 21)
• -==CoolForum Path Disclosure & Possible SQL Injection==- HaCkZaTaN (Mar 21)
• [CLA-2005:940] Conectiva Security Announcement - curl Conectiva Updates (Mar 21)
• 2 vulnerabilities in BetaParticle farhad koosha (Mar 21)
• TSL-2005-0009 - multi Trustix Security Advisor (Mar 21)
• [SECURITY] [DSA 695-1] New xli packages fix several vulnerabilities Martin Schulze (Mar 21)
• -==PVDasm Long Name Debug Vulnerability==- HaCkZaTaN (Mar 21)
• phpMyFamily 1.4.0 SQL vulnerabilities kreon (Mar 21)
  • <Possible follow-ups>
  • phpMyFamily 1.4.0 SQL vulnerabilities kre0n (Mar 21)
• [ GLSA 200503-25 ] OpenSLP: Multiple buffer overflows Thierry Carrez (Mar 21)
• [ GLSA 200503-27 ] Xzabite dyndnsupdate: Multiple vulnerabilities Thierry Carrez (Mar 21)
• Details of Sybase ASE bugs withheld NGSSoftware Insight Security Research (Mar 21)
  • Re: [VulnWatch] Details of Sybase ASE bugs withheld Halvar Flake (Mar 21)
    • Re: [VulnWatch] Details of Sybase ASE bugs withheld David Litchfield (Mar 21)
      • Re: [VulnWatch] Details of Sybase ASE bugs withheld sean (Mar 21)
  • <Possible follow-ups>
  • RE: Details of Sybase ASE bugs withheld Evans, Arian (Mar 23)
• New Whitepaper: Anti Brute Force Resource Metering Gunter Ollmann (NGS) (Mar 21)
  • Re: New Whitepaper: Anti Brute Force Resource Metering Amit Klein (AKsecurity) (Mar 22)
    • Re: New Whitepaper: Anti Brute Force Resource Metering Gunter Ollmann (Mar 23)
      • Re: New Whitepaper: Anti Brute Force Resource Metering Amit Klein (AKsecurity) (Mar 25)
  • Re: New Whitepaper: Anti Brute Force Resource Metering Peter J. Holzer (Mar 23)
  • <Possible follow-ups>
  • Re: New Whitepaper: Anti Brute Force Resource Metering Jason W (Mar 24)
    • Re: New Whitepaper: Anti Brute Force Resource Metering Joachim Schipper (Mar 25)
    • Re: New Whitepaper: Anti Brute Force Resource Metering Luca Berra (Mar 26)
• iDEFENSE Security Advisory 03.21.05: Mac OS X CF_CHARSET_PATH Buffer Overflow Vulnerability iDefense Customer Service (Mar 21)
• SecurityForest Exploitation Framework Beta has been released! Alon Swartz (Mar 21)
• Re: [ISN] How To Save The Internet Jason Coombs (Mar 21)
  • RE: [ISN] How To Save The Internet David Gillett (Mar 22)
  • <Possible follow-ups>
  • Re: [ISN] How To Save The Internet Jason Coombs (Mar 22)
    • Re: [ISN] How To Save The Internet Thor (Hammer of God) (Mar 23)
  • RE: [ISN] How To Save The Internet Arndt . WA (Mar 23)
    • Re: [ISN] How To Save The Internet Derek Martin (Mar 23)
• MDKSA-2005:060 - Updated MySQL packages fix multiple vulnerabilities Mandrakelinux Security Team (Mar 22)
• Kayako eSupport Cross Site Scripting GulfTech Security Research (Mar 22)
• Mac OSX[CF_CHARSET_PATH]: local root exploit. Vade 79 (Mar 22)
• Nortel VPN Client Issue: Clear-text password stored in memory Roy Hills (Mar 22)
• RUXCON 2005 Call for Papers RUXCON Call for Papers (Mar 22)
• [SECURITY] [DSA 696-1] New perl packages fix privilege escalation Martin Schulze (Mar 22)
• Possible windows+python bug liquid (Mar 22)
  • Re: Possible windows+python bug Neil Schemenauer (Mar 22)
  • <Possible follow-ups>
  • Re: Possible windows+python bug azurIt (Mar 22)
    • Re: Possible windows+python bug Kinnell (Mar 23)
    • RE: Possible windows+python bug Peter Oswald (Mar 23)
  • Re: Possible windows+python bug liquid (Mar 23)
• [ Positive Technologies #SA] Phorum "location" HTTP Response Splitting Vulnerability Alexander Anisimov (Mar 22)
• Black Hat Briefings & Trainings: Registration now open! Jeff Moss (Mar 22)
  • <Possible follow-ups>
  • Black Hat Briefings & Trainings: Registration now open! Jeff Moss (Mar 24)
• osCommerce File Manager Directory Traversal Vulnerability Megasky (Mar 22)
  • Re: osCommerce File Manager Directory Traversal Vulnerability Aikanáro Calaelen (Mar 23)
• RE: [VulnWatch] Details of Sybase ASE bugs withheld Marchand, Tom (Mar 22)
  • Re: [VulnWatch] Details of Sybase ASE bugs withheld sean (Mar 22)
    • Re: [VulnWatch] Details of Sybase ASE bugs withheld Peter J. Holzer (Mar 23)
  • RE: [VulnWatch] Details of Sybase ASE bugs withheld Chris Wysopal (Mar 22)
  • <Possible follow-ups>
  • RE: [VulnWatch] Details of Sybase ASE bugs withheld Marchand, Tom (Mar 22)
    • Re: [VulnWatch] Details of Sybase ASE bugs withheld Simple Nomad (Mar 23)
      • Re: Details of Sybase ASE bugs withheld Jay Libove (Mar 23)
  • RE: [VulnWatch] Details of Sybase ASE bugs withheld http-equiv () excite com (Mar 23)
• root-equivalent groups psz (Mar 22)
• Security Development Lifecycle Whitepaper Available Michael Howard (Mar 22)
• [SIG^2 G-TEC] SurgeMail Webmail Attachment Upload and XSS Vulnerabilities chewkeong (Mar 23)
• Backdoors in AS/400 emulations allow the server to attack connected PC workstations Shalom Carmel (Mar 23)
• SUSE Security Announcement: ImageMagick problems (SUSE-SA:2005:017) Marcus Meissner (Mar 23)
• Notacon: Apr. 8-10, 2005 in Cleveland, OH Froggy (Mar 23)
• Interspire ArticleLive 2005 (php version) is vulnerable to XSS mircia mircia (Mar 23)
• Vortex Portal Francisco Alisson (Mar 23)
• [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11 Maksymilian Arciemowicz (Mar 23)
• Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB Alberto Trivero (Mar 24)
• Hashcash in mail (was: New Whitepaper: Anti Brute Force Resource Metering) Peter J. Holzer (Mar 24)
• Oracle Reports Server 10g Vulnerable to XSS Paolo Paolo (Mar 24)
• Firescrolling 2 [Firefox 1.0.1] mikx (Mar 24)
  • Re: Firescrolling 2 [Firefox 1.0.1] John Madden (Mar 24)
• SUSE Security Announcement: several kernel security problems (SUSE-SA:2005:018) Marcus Meissner (Mar 24)
• SUSE Security Announcement: MySQL vulnerabilities (SUSE-SA:2005:019) Marcus Meissner (Mar 24)
• [USN-100-1] cdrecord vulnerability Martin Pitt (Mar 24)
• [USN-99-2] Fixed php4 packages for USN-99-1 Martin Pitt (Mar 24)
• Secure Science issues preview of their upcoming block cipher BugTraq (Mar 24)
  • Re: Secure Science issues preview of their upcoming block cipher Adam Shostack (Mar 25)
    • Re: Secure Science issues preview of their upcoming block cipher Jerrold Leichter (Mar 25)
      • Re: Secure Science issues preview of their upcoming block cipher Ralf-Philipp Weinmann (Mar 25)
    • Re: Secure Science issues preview of their upcoming block cipher David Covin (Mar 25)
    • Re: Secure Science issues preview of their upcoming block cipher devnull (Mar 26)
• [ GLSA 200503-29 ] GnuPG: OpenPGP protocol attack Thierry Carrez (Mar 24)
• [ GLSA 200503-28 ] Sun Java: Web Start argument injection vulnerability Thierry Carrez (Mar 24)
• LogicLibrary BugScan VSR,Trillian 2.0, 3.0 and 3.1 Matt Hargett (Mar 24)
• Which anti-spyware cleaner is the best? Paul Laudanski (Mar 24)
• Security Flaw with Digital signatures in Microsoft Outlook Roberto Franceschetti (Mar 25)
  • RE: Security Flaw with Digital signatures in Microsoft Outlook Adrian Floarea (Mar 25)
  • Re: [bugtraq] Security Flaw with Digital signatures in Microsoft Outlook Erwann ABALEA (Mar 25)
    • RE: [bugtraq] Security Flaw with Digital signatures in Microsoft Outlook Lyal Collins (Mar 26)
  • Re: Security Flaw with Digital signatures in Microsoft Outlook Anthony G. Atkielski (Mar 26)
  • <Possible follow-ups>
  • Re: Security Flaw with Digital signatures in Microsoft Outlook dori (Mar 29)
• phpMyDirectory 10.1.3-rel Cross site scripting mircia mircia (Mar 25)
• RX250305 - OpenMosixView : Multiple Race conditions - advisory and exploit rexolab (Mar 25)
• smail remote and local root holes sean (Mar 25)
• Netcomm 1300NB DSL Modem Denial of Service Chris Rock (Mar 25)
• [FLSA-2005:2155] Updated sharutils package fixes security issues Marc Deslauriers (Mar 25)
• [FLSA-2005:2129] Updated mysql packages fix security issues Marc Deslauriers (Mar 25)
  • Re: [FLSA-2005:2129] Updated mysql packages fix security issues Ventsislav Genchev (Mar 25)
  • Re: [FLSA-2005:2129] Updated mysql packages fix security issues Ventsislav Genchev (Mar 25)
• [FLSA-2005:2268] Updated spamassassin package fixes security issues Marc Deslauriers (Mar 25)
• [ GLSA 200503-30 ] Mozilla Suite: Multiple vulnerabilities Thierry Carrez (Mar 25)
• [ GLSA 200503-33 ] IPsec-Tools: racoon Denial of Service Matthias Geerdsen (Mar 25)
• TCP timestamp & advanced fingerprinting Erwan Arzur (Mar 25)
  • <Possible follow-ups>
  • RE: TCP timestamp & advanced fingerprinting Bruce Klein (Mar 26)
    • Re: TCP timestamp & advanced fingerprinting Erwan Arzur (Mar 29)
• phpbb 2.0.13 Exploit (bug) tOnk3r (Mar 25)
• ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6 Gerardo Astharot Di Giacomo (Mar 26)
  • Re: ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6 Paul Laudanski (Mar 28)
• AS/400 LDAP user accounts disclosure Shalom Carmel (Mar 26)
• QuickTime malformed JPEG buffer overflow liquid (Mar 26)
• File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition dcrab (Mar 26)
• Re: smail remote and local root holes (no, not really ;-) Greg A. Woods (Mar 26)
  • Re: smail remote and local root holes (no, really ;-) sean (Mar 26)
  • Re: smail remote and local root holes (really, it is exploitable) sean (Mar 28)
• Brute-Force scanning the entire 32-bit IP space using Javascript. cyber_flash (Mar 26)
• FreeBSD Security Advisory FreeBSD-SA-05:01.telnet FreeBSD Security Advisories (Mar 28)
• iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client env_opt_add() Buffer Overflow Vulnerability iDEFENSE Labs (Mar 28)
• iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability iDEFENSE Labs (Mar 28)
  • Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability Solar Designer (Mar 28)
    • Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability Tavis Ormandy (Mar 29)
    • Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability Gaël Delalleau (Mar 29)
• [CLA-2005:942] Conectiva Security Announcement - ethereal Conectiva Updates (Mar 28)
• [ GLSA 200503-34 ] mpg321: Format string vulnerability Sune Kloppenborg Jeppesen (Mar 28)
• Buffer-overflow in Tincat 2 minor than 2.0.28 (Sacred, Settlers 5 and others) Luigi Auriemma (Mar 28)
• Multiple sql injection, and xss vulnerabilities in Vladersoft Shopping Cart v.3.0 dcrab (Mar 28)
• Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software. dcrab (Mar 28)
  • RE: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software. GulfTech Security Research (Mar 29)
  • <Possible follow-ups>
  • Re: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software. dcrab (Mar 30)
• local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5 advisories (Mar 28)
• Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum (E-XOOPS) dcrab (Mar 28)
  • <Possible follow-ups>
  • Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum (E-XOOPS) dcrab (Mar 29)
• [USN-101-1] telnet vulnerabilities Martin Pitt (Mar 28)
• Multiple XSS vulnerabilities in ACS Blog Dan Crowley (Mar 28)
  • <Possible follow-ups>
  • Multiple XSS vulnerabilities in ACS Blog Dan Crowley (Mar 29)
• Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software dcrab (Mar 28)
• Multiple XSS issues in Sun AnswerBook2 B00B00 (Mar 28)
• phishing sites report - March/2005 Gadi Evron (Mar 28)
  • Re: phishing sites report - March/2005 Paul Laudanski (Mar 29)
    • Re: phishing sites report - March/2005 Gadi Evron (Mar 29)
• DoS of LAN via D-Link switches Frank Bures (Mar 29)
  • RE: DoS of LAN via D-Link switches David Gillett (Mar 29)
    • Re: DoS of LAN via D-Link switches Tarmo Mamers (Mar 29)
      • Re: DoS of LAN via D-Link switches Neil Watson (Mar 30)
      • Re: DoS of LAN via D-Link switches Joel Maslak (Mar 31)
      • Re: DoS of LAN via D-Link switches Scott Nelson (Mar 31)
• [SECURITY] [DSA 698-1] New mc packages fix buffer overflow Martin Schulze (Mar 29)
• THai's Shoutbox XSS (Spoofing URL) BUG CorryL (Mar 29)
• [SECURITY] [DSA 699-1] New netkit-telnet-ssl packages fix arbitrary code execution Martin Schulze (Mar 29)
• [USN-102-1] shar vulnerabilities Martin Pitt (Mar 29)
• Multiple sql injection, and xss vulnerabilities in AspApp dcrab (Mar 29)
• MITKRB5-SA-2005-001: buffer overflows in telnet client Tom Yu (Mar 29)
• directory traversal in FastStone 4in1 Browser 1.2 Donato Ferrante (Mar 29)
• Invision Power Board v2.0.3 XSS vulnerabilities hoang yen (Mar 29)
  • RE: Invision Power Board v2.0.3 XSS vulnerabilities alex (Mar 31)
• Multiple sql injection, and xss vulnerabilities in PortalApp dcrab (Mar 29)
• Code insertion in Blogger comments Antone Roundy (Mar 29)
  • <Possible follow-ups>
  • Code insertion in Blogger comments Antone Roundy (Mar 29)
• [SECURITY] [DSA 697-1] New netkit-telnet packages fix arbitrary code execution Martin Schulze (Mar 29)
• [PersianHacker.NET 200503-12]Chatness 2.5.1 and prior XSS Vulnerabilities PersianHacker Team (Mar 29)
• abuse & security issues > Israel Gadi Evron (Mar 29)
• Multiple phpCoin Vulnerabilities GulfTech Security Research (Mar 29)
• [PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior Multiple Vulnerbilities PersianHacker Team (Mar 29)
• Portcullis Security Advisory 05-011 ACPI 1.6 BIOS Paul J Docherty (Mar 29)
  • Re: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS Kurt Seifried (Mar 30)
  • Re: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS Chris Paget (Mar 31)
  • <Possible follow-ups>
  • RE: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS Paul J Docherty (Mar 30)
  • RE: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS Paul J Docherty (Mar 31)
• MDKSA-2005:061 - Updated krb5 packages fix telnet client vulnerability Mandrakelinux Security Team (Mar 30)
• Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack Cisco Systems Product Security Incident Response Team (Mar 30)
• [ GLSA 200503-35 ] Smarty: Template vulnerability Thierry Carrez (Mar 30)
• [SECURITY] [DSA 700-1] New mailreader packages fix cross-site scripting vulnerability Martin Schulze (Mar 30)
• Multiple sql injection, and xss vulnerabilities in Pay pal Storefront Diabolic Crab (Mar 30)
• PaFileDB Version 3.1 and below are exploitable via a XSS and a SQL injection vulnerability dcrab (Mar 30)
• [CLA-2005:945] Conectiva Security Announcement - kernel Conectiva Updates (Mar 31)
• [SECURITY] [DSA 701-1] New samba packages fix arbitrary code execution Martin Schulze (Mar 31)
• bzip2 TOCTOU file-permissions vulnerability Imran Ghory (Mar 31)
• cPanel/WHM demo account problems Richard Stanway (Mar 31)
  • Re: cPanel/WHM demo account problems Beau Henderson (Mar 31)
• Vendor Response to Portculis Advisory 05-002: Spectrum Cash Receipting System Paul J Docherty (Mar 31)
• [ GLSA 200503-36 ] netkit-telnetd: Buffer overflow Thierry Carrez (Mar 31)
• MDKSA-2005:064 - Updated libexif packages fix vulnerability Mandrakelinux Security Team (Mar 31)
• [ GLSA 200503-37 ] LimeWire: Disclosure of sensitive information Thierry Carrez (Mar 31)
• MX Shop 1.1.1 and MX Kart 1.1.2 are vulnerable to multiple SQL injection vulnerabilities dcrab (Mar 31)
• MDKSA-2005:062 - Updated ipsec-tools packages fix vulnerability Mandrakelinux Security Team (Mar 31)
• MDKSA-2005:063 - Updated htdig packages fix vulnerability Mandrakelinux Security Team (Mar 31)
• Bay Technical Associates telnet server logon bypass nolimit bugtraq (Mar 31)
  • Re: Bay Technical Associates telnet server logon bypass Michael Brennen (Mar 31)
• RE: eBay Account Phishing with eBay Redirect - Ebay fixed this + related XSS hole Rager, Anton (Anton) (Mar 31)
• WindowsXP malformed .wmf files DoS liquid (Mar 31)

Previous period

Next period