Mail Thread Index

Date Index

OpenServer 5.0.6 OpenServer 5.0.7 : Xsco contains a buffer overflow that could be exploited to gain root privileges., please_reply_to_security
Re: CVS woes: .cvspass, Delian Krustev
- <Possible follow-ups>
- Re: CVS woes: .cvspass, Greg A. Woods
  - Re: CVS woes: .cvspass, Delian Krustev
    - Re: CVS woes: .cvspass, Greg A. Woods
      - Re: CVS woes: .cvspass, Delian Krustev
        
        Re: CVS woes: .cvspass, Greg A. Woods
      - Re: CVS woes: .cvspass, Tilman Schmidt
    - Re: CVS woes: .cvspass, Andy Dustman
  - Re: CVS woes: .cvspass, Robin Rosenberg
  - Re: CVS woes: .cvspass, Robin Rosenberg
[VSA0402] OpenFTPD format string vulnerability, VOID.AT Security
- EXPLOIT for Re: [VSA0402] OpenFTPD format string vulnerability, infamous41md
Re: New possible scam method : forged websites using XUL (Firefox), Marc
- Re: New possible scam method : forged websites using XUL (Firefox), Peter J. Holzer
  - Re: New possible scam method : forged websites using XUL (Firefox), Peter J. Holzer
    - Re: New possible scam method : forged websites using XUL (Firefox), Kim Scarborough
    - Re: New possible scam method : forged websites using XUL (Firefox), Michael Reilly
- RE: New possible scam method : forged websites using XUL (Firefox), Thomas T. Evans, III
- Re: New possible scam method : forged websites using XUL (Firefox), Nicholas Knight
  - Re: New possible scam method : forged websites using XUL (Firefox), Marc
Re: [Full-Disclosure] Re: Mozilla Firefox Certificate Spoofing, Juan Carlos Navea
Sonicwall diag tool includes VPN credentlials, Milton Lopez
- RE: Sonicwall diag tool includes VPN credentlials, Stephan Sachweh
  - RE: Sonicwall diag tool includes VPN credentlials, Jody McCluggage
- <Possible follow-ups>
- RE: Sonicwall diag tool includes VPN credentlials, Eric McCarty
- Re: Sonicwall diag tool includes VPN credentlials, neil gardner
[EXPL] (MS04-022) Microsoft Windows XP Task Scheduler (.job) Universal Exploit, houseofdabus HOD
Re: Citadel/UX Remote DoS Vulnerability, IO ERROR
[ GLSA 200408-01 ] MPlayer: GUI filename handling overflow, Thierry Carrez
Re: Fwd: New possible scam method : forged websites using XUL (Firefox), Justin Polazzo
- Message not available
  - Re: Fwd: New possible scam method : forged websites using XUL (Firefox), Barry Fitzgerald
- Re: Fwd: New possible scam method : forged websites using XUL (Firefox), Peter J. Holzer
SoX Exploiter by Rosiello Security, Angelo Rosiello
SideFind, aborg
- <Possible follow-ups>
- RE: SideFind, Polazzo Justin
Comersus 5.098 XSS Vulnerable, Abdul Azis
Re[2]: Aladdin response regarding eSafe, 3APA3A
Security contact for RSA Security, Amit Klein
7a69Adv#13 - USRobotics AP Wireless Denial of Service, Albert Puigsech Galicia
SA-20040802 GnuTLS certificate chain verification bug, Patrik Hornik
DOS@MEHTTPS, CoolICE
- RE: [Full-Disclosure] DOS@MEHTTPS, Peter Fregon
OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform), Juan Manuel Pascual
DoS in Webbsyte Chat 0.9.0, Donato Ferrante
[SECURITY] [DSA 535-1] New squirrelmail packages fix multiple vulnerabilities, Matt Zimmerman
CDE libDtHelp and dtlogin vulnerabilities on IRIX, SGI Security Coordinator
CESA-2004-001: libpng, chris
Clear text password exposure in Datakey's tokens and smartcards, vuln
- Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards, Lionel Ferette
  - Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards, Toomas Soome
    - Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards, Kevin Sheldrake
      - Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards, Seth Breidbart
    - Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards, Lee Dilkie
      - Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards, Kevin Sheldrake
vulnerabilities in JetboxOne CMS, ahmad muammar
Multiple vulnerabilities in eNdonesia CMS, ahmad muammar
SUSE Security Announcement: libpng (SUSE-SA:2004:023), Thomas Biege
Linux kernel file offset pointer races, Paul Starzetz
[ GLSA 200408-02 ] Courier: Cross-site scripting vulnerability in SqWebMail, Thierry Carrez
[OpenPKG-SA-2004.035] OpenPKG Security Advisory (png), OpenPKG
Bug@thttpd, CoolICE
New MyDoom variant, albatross
- Re: New MyDoom variant, Paul Kurczaba
  - Re: New MyDoom variant, Bryan Burns
    - Re: New MyDoom variant, James C. Slora Jr.
    - Re: New MyDoom variant, Thor
    - Re: New MyDoom variant, Mary Landesman
  - Re: New MyDoom variant, "Elliott C. Bäck"
    - Re: New MyDoom variant, Marc Hultquist
    - Re: New MyDoom variant, Purple Pony
  - RE: New MyDoom variant, Security Guy
GoScript Remote Command Execution, Francisco Alisson
Multiple Vulnerabilities in Free Web Chat, Donato Ferrante
MDKSA-2004:079 - Updated libpng packages fix multiple vulnerabilities, Mandrake Linux Security Team
CORE-2004-0705: Vulnerabilities in PuTTY and PSCP, CORE Security Technologies Advisories
[SECURITY] [DSA 536-1] New libpng, libpng3 packages fix multiple vulnerabilities, Matt Zimmerman
[ GLSA 200408-03 ] libpng: Numerous vulnerabilities, Sune Kloppenborg Jeppesen
[ GLSA 200408-04 ] PuTTY: Pre-authentication arbitrary code execution, Sune Kloppenborg Jeppesen
Opera: Location, Location, Location, GreyMagic Software
TSLSA-2004-0040 - libpng, Trustix Security Advisor
MS04-025 - Ignorance is truly bliss...., hellNbak
International DNS compromise?, Zhen Shi
- Re: International DNS compromise?, john
- Re: International DNS compromise?, John Kinsella
- <Possible follow-ups>
- Re: International DNS compromise?, Troy
  - Re: International DNS compromise?, Rio Martin.
  - Re: International DNS compromise?, Danny
  - Re: International DNS compromise?, John F. Waymouth
- RE: International DNS compromise?, travis . alexander
  - RE: International DNS compromise?, Troy Monaghen
- Re: International DNS compromise?, bill
- RE: International DNS compromise?, Mike Clark
- RE: International DNS compromise?, Johan Nilsson
- Re: International DNS compromise?, Troy
CVStrac Remote Arbitrary Code Execution exploit, Richard Ngo
- <Possible follow-ups>
- Re: CVStrac Remote Arbitrary Code Execution exploit, Richard Hipp
Microsoft Internet Explorer 6 Protocol Handler Vulnerability, Robillard, Nicolas
- Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability, Uday Moorjani
- <Possible follow-ups>
- Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability, Jouko Pynnonen
local denial of Service, Yellowdog linux to 3.0.1, pmoses
[ GLSA 200408-05 ] Opera: Multiple new vulnerabilities, Thierry Carrez
[CLA-2004:857] Conectiva Security Announcement - apache, Conectiva Updates
[CLA-2004:856] Conectiva Security Announcement - libpng, Conectiva Updates
Opera: Location, Location, Location (GM#008-OP), GreyMagic Software
[security bulletin] SSRT4782 rev. 1 HP-UX CIFS Server potential remote root access, Boren, Rich (SSRT)
GNU/Linux 'info Buffer Overflow, Josh Martin
- Re: GNU/Linux 'info Buffer Overflow, Valdis . Kletnieks
- Re: GNU/Linux 'info Buffer Overflow, Niels Bakker
  - Re: GNU/Linux 'info Buffer Overflow, Janusz A. Urbanowicz
- Re: GNU/Linux 'info Buffer Overflow, Roman Werpachowski
Remote Command Execution, Francisco Alisson
- <Possible follow-ups>
- Remote Command Execution, Francisco Alisson
[OpenPKG-SA-2004.036] OpenPKG Security Advisory (cvstrac), OpenPKG
RE: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards, Bart . Lansing
- RE: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards, Dana Hudes
SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability, Jordan Pilat
- Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability, Stefan Seifert
- Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability, Radoslav Dejanović
  - Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability, Matthias Leisi
Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards, Kevin Sheldrake
[security bulletin] SSRT4777 HP-UX Apache, PHP remote code execution, Denial of Service, Boren, Rich (SSRT)
[security bulletin] SSRTSSRT4778 Rev.0 Mozilla Application Suite for HP Tru64 UNIX libpng Potential Overflows, Boren, Rich (SSRT)
Anyone know IBM's security address?, Michael Scheidell
- Re: Anyone know IBM's security address?, Jedi/Sector One
xss in moodle (post.php), Javier Ubilla Brenni
Re: Remote crash in tcpdump from OpenBSD, Balaram Amgoth
- Re: Remote crash in tcpdump from OpenBSD, Otto Moerbeek
Winmx Software making calls to Port 25, Retro Granny
- Re: Winmx Software making calls to Port 25, Radoslav Dejanović
- <Possible follow-ups>
- Re: Winmx Software making calls to Port 25, Retro Granny
[PHP Bug] How to hide a HTTP request in the apache logs, Anthony Debhian
- Re: [PHP Bug] How to hide a HTTP request in the apache logs, Steve Brown
- Re: [PHP Bug] How to hide a HTTP request in the apache logs, Max Valdez
EXPLOIT Re: Pavuk Digest Authentication Buffer Overflow, infamous41md
Airpwn & libpng holes, Matt Venzke
Type xxs, root
SUSE Security Announcement: kernel (SUSE-SA:2004:024), Thomas Biege
Java XSLT security advisory addendum, Marc Schoenefeld
TSLSA-2004-0041 - kernel, Trustix Security Advisor
Windows doesn't verify digital signature of CRL files, Faro Poplar
- Re: Windows doesn't verify digital signature of CRL files, Thomas Walpuski
  - Re: Windows doesn't verify digital signature of CRL files, Neil Gierman
    - Re: Windows doesn't verify digital signature of CRL files, Jack Lloyd
      - Re: Windows doesn't verify digital signature of CRL files, Thomas Walpuski
    - Re: Windows doesn't verify digital signature of CRL files, Thomas Walpuski
  - Re: Windows doesn't verify digital signature of CRL files, Valdis . Kletnieks
- <Possible follow-ups>
- Windows doesn't verify digital signature of CRL files, Michael Howard
[ GLSA 200408-06 ] SpamAssassin: Denial of Service vulnerability, Sune Kloppenborg Jeppesen
CORE-2004-0714: Cfengine RSA Authentication Heap Corruption, CORE Security Technologies Advisories
First symbian OS trojan discovered in the wild, kers0r
MDKSA-2004:080 - Updated shorewall packages fix temporary file vulnerabilities, Mandrake Linux Security Team
[ GLSA 200408-07 ] Horde-IMP: Input validation vulnerability for Internet Explorer users, Kurt Lieber
[security bulletin] SSRT4788 rev. 0 HP-UX Apache Remote arbitrary code execution, Boren, Rich (SSRT)
[security bulletin] SSRT4785 rev. 0 HP-UX Process Resource Manager (PRM) potential data corruption, Boren, Rich (SSRT)
spamcop.net allows everyone to grab mail addresses and reset passwords, Henning Schmiedehausen
Corsaire Security Advisory - Sygate Secure Enterprise replay issue, advisories
Corsaire Security Advisory - Sygate Enforcer unauthenticated broadcast issue, advisories
Corsaire Security Advisory - Sygate Enforcer discovery packet DoS issue, advisories
Corsaire Security Advisory - Port80 Software ServerMask inconsistencies, advisories
AOL Instant Messenger "Away" Message Buffer Overflow Vulnerability, homicidal
- <Possible follow-ups>
- RE: AOL Instant Messenger "Away" Message Buffer Overflow Vulnerability, Thor Larholm
  - Re: AOL Instant Messenger "Away" Message Buffer Overflow Vulnerability, High Pressure
Driver for display goes to a infinite loop by viewing a html!, Bipin Gautam
- Re: Driver for display goes to a infinite loop by viewing a html!, Conor Byrne
- Re: Driver for display goes to a infinite loop by viewing a html!, Jack C
  - Re: Driver for display goes to a infinite loop by viewing a html!, Christopher X. Candreva
    - Re: Driver for display goes to a infinite loop by viewing a html!, Mike Pumford
- Re: Driver for display goes to a infinite loop by viewing a html!, Anthony Petito
- Re: Driver for display goes to a infinite loop by viewing a html!, Steven Leikeim
- Re: Driver for display goes to a infinite loop by viewing a html!, Eddie Block
- Re: Driver for display goes to a infinite loop by viewing a html!, 3APA3A
- <Possible follow-ups>
- RE: Driver for display goes to a infinite loop by viewing a html!, Eggers, Bill A [LTD]
- Re: Driver for display goes to a infinite loop by viewing a html!, Frank Nospam
- RE: Driver for display goes to a infinite loop by viewing a html!, Christopher Wagner
BlackICE unprivileged local user attack, Paul Craig - Pimp Industries
ptl-2004-03: WIDCOMM Bluetooth Connectivity Software Buffer Overflows, Pentest Security Advisories
HTTP Response Splitting vulnerability in Microsoft Outlook Web Access for Exchange 5.5, Amit Klein
Clearswift Mimesweeper Path Traversal Vulnerability, Kroma Pierre
- <Possible follow-ups>
- Re: Clearswift Mimesweeper Path Traversal Vulnerability, Pete Simpson
EXPLOIT libpng, infamous41md
NGSEC's response to Idefense overflow protections whitepaper., lists@NGSEC
- <Possible follow-ups>
- RE: NGSEC's response to Idefense overflow protections whitepaper., Richard Johnson
KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities, Waldo Bastian
[ GLSA 200408-09 ] Roundup filesystem access vulnerability, Kurt Lieber
SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest), Secure Science Corporation Advisory Notice
- Re: SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest), Joe Eversole
  - Re: SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest), Lance James
- Re: SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest), Brad Herbert
ISS BlackIce Server Protect Unprivileged User Attack, Thomas Ryan
[ GLSA 200408-11 ] Nessus: "adduser" race condition vulnerability, Sune Kloppenborg Jeppesen
[ GLSA 200408-10 ] gv: Exploitable Buffer Overflow, Sune Kloppenborg Jeppesen
- Re: [ GLSA 200408-10 ] gv: Exploitable Buffer Overflow, infamous41md
- Re: [ GLSA 200408-10 ] gv: Exploitable Buffer Overflow, Dan Margolis
[CLA-2004:858] Conectiva Security Announcement - squirrelmail, Conectiva Updates
Metasploit Framework v2.2, H D Moore
SUSE Security Announcement: gaim (SUSE-SA:2004:025), Thomas Biege
JS/Zerolin, T.H. Haymore
- Re: JS/Zerolin, Nicolas Gregoire
  - Re: JS/Zerolin, T.H. Haymore
- <Possible follow-ups>
- Re: JS/Zerolin, K-OTiK Security
- RE: JS/Zerolin, Thor Larholm
NETGEAR DG834G SPECIAL FEATURES, thanasonic
- Re: NETGEAR DG834G SPECIAL FEATURES, Uday Moorjani
- <Possible follow-ups>
- RE: NETGEAR DG834G SPECIAL FEATURES, Andre Lorbach
- Re: NETGEAR DG834G SPECIAL FEATURES, thanasonic
  - Re: NETGEAR DG834G SPECIAL FEATURES, Dave Paris
- Re: NETGEAR DG834G SPECIAL FEATURES, Paul James
  - Re: NETGEAR DG834G SPECIAL FEATURES, Rodrigo Barbosa
    - RE: NETGEAR DG834G SPECIAL FEATURES, prj
  - Re: NETGEAR DG834G SPECIAL FEATURES, Luca Berra
[ GLSA 200408-13 ] kdebase, kdelibs: Multiple security issues, Sune Kloppenborg Jeppesen
[ GLSA 200408-12 ] Gaim: MSN protocol parsing function buffer overflow, Sune Kloppenborg Jeppesen
New Paper: Microsoft Windows, a lower Total Cost of Ownership, Dave Aitel
recent gaim advisory, infamous41md
NGSEC's response to Idefense overflow protections whitepaper. (PART II), lists@NGSEC
Advanced usage of system() function., Adam Zabrocki
MDKSA-2004:081 - Updated gaim packages fix remotely exploitable vulnerabilities, Mandrake Linux Security Team
MDKSA-2004:082 - Updated mozilla packages fix multiple vulnerabilities, Mandrake Linux Security Team
Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues, advisories
SGI Advanced Linux Environment 3 Security Update #9, SGI Security Coordinator
QuiXplorer directory traversal, Cyrille Barthelemy
SGI Advanced Linux Environment 2.4 security update #24, SGI Security Coordinator
SpecificMAIL Technical Brief, Nick D.
- Re: SpecificMAIL Technical Brief, Skip Carter
Posible security bug in phpMyWebhosting, Matias Neiff
- <Possible follow-ups>
- Re: Posible security bug in phpMyWebhosting, M�ller
  - Re: Posible security bug in phpMyWebhosting, Daniel Souza
    - Re: Posible security bug in phpMyWebhosting, Udo Mueller
- Re: Fwd: Re: Posible security bug in phpMyWebhosting, Matias Neiff
[SECURITY] [DSA 537-1] New Ruby packages fix insecure CGI session management, Martin Schulze
gv buffer overflows: here, there, and everywhere, infamous41md
SUSE Security Announcement: rsync (SUSE-SA:2004:026), Thomas Biege
[ GLSA 200408-15 ] Tomcat: Insecure Installation, Sune Kloppenborg Jeppesen
TSSA-2004-020-ES - rsync, tinysofa Security Team
NullyFake - Site Spoofing in MSIE, Liu Die Yu
IpSwitch IMail Server <= ver 8.1 User Password Decryption, Adik
- Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption, Dave Warren
- Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption, David E. Smith
- <Possible follow-ups>
- Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption, J�r�me
[ GLSA 200408-14 ] acroread: UUDecode filename buffer overflow, Sune Kloppenborg Jeppesen
pscript.de PFORUM XSS Vulnerability, Christoph Jeschke
First vulnerabilities in the SP2 - XP ?..., J�r�me
- Re: First vulnerabilities in the SP2 - XP ?..., Oliver Schneider
  - RE: First vulnerabilities in the SP2 - XP ?..., Larry Seltzer
- Re: First vulnerabilities in the SP2 - XP ?..., Colin Alston
- Re: First vulnerabilities in the SP2 - XP ?..., Radoslav Dejanović
- Re: First vulnerabilities in the SP2 - XP ?..., Robert Decker
- <Possible follow-ups>
- RE: First vulnerabilities in the SP2 - XP ?..., Thor Larholm
- Re: First vulnerabilities in the SP2 - XP ?..., Matthew Roberts
  - RE: First vulnerabilities in the SP2 - XP ?..., Larry Seltzer
SQL Injection in CACTI, Fernando Quintero
- Re: SQL Injection in CACTI, Thomas Chiverton
  - Re: SQL Injection in CACTI, Cedric Blancher
- Re: SQL Injection in CACTI, Andy Markert
[SECURITY] [DSA 538-1] New rsync packages fix unauthorised directory traversal and file access, Martin Schulze
LNSA-#2004-0017: rsync (Aug, 17 2004), Vincenzo Ciaglia
[SECURITY] [DSA 539-1] New kdelibs packages fix denial of service, Martin Schulze
TSLSA-2004-0042 - rsync, Trustix Security Advisor
vpopmail <= 5.4.2 (sybase vulnerability), J�r�me
- [2Cents on] vpopmail <= 5.4.2 (sybase vulnerability), bugtraq
[ GLSA 200408-17 ] rsync: Potential information leakage, Kurt Lieber
[ GLSA 200408-18 ] xine-lib: VCD MRL buffer overflow, Kurt Lieber
Opera Local File/Directory Detection (GM#009-OP), GreyMagic Software
[NGSEC-2004-6] IPD, local system denial of service., labs@NGSEC
RE: [Full-Disclosure] IpSwitch IMail Server <= ver 8.1 User Password Decryption, Bill Roemhild
Cross-Site Scripting (XSS) in Php-Nuke 7.1.0, Abu Lafy
- Re: Cross-Site Scripting (XSS) in Php-Nuke 7.1.0, Anthony Petito
[SECURITY] [DSA 540-1] New mysql packages fix insecure temporary file creation, Martin Schulze
Open Security Group Advisory #6, c0ntex
Vulnerabilities in Merak Webmail Server., Criolabs
MDKSA-2004:083 - Updated rsync packages fix remotely-exploitable vulnerability, Mandrake Linux Security Team
[ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG, Kurt Lieber
- Re: [ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG, Jim Paris
  - Re: [ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG, Solar Designer
Multiple vulnerabilities in PHP-FUSION, Ahmad Muammar
SHA-0 Broken, MD5 Rumored Broken, J�r�me
- Re: SHA-0 Broken, MD5 Rumored Broken, Anthony Nemmer
  - Re: SHA-0 Broken, MD5 Rumored Broken, stanislav shalunov
MDKSA-2004:084 - Updated spamassassin packages fixes possible malformed message vulnerability, Mandrake Linux Security Team
- Re: MDKSA-2004:084 - Updated spamassassin packages fixes possible malformed message vulnerability (OpenBSD 3.5 too??), Joel D. Kinard
  - Re: MDKSA-2004:084 - Updated spamassassin packages fixes possible malformed message vulnerability (OpenBSD 3.5 too??), Gabriel Kihlman
CESA-2004-004: qt, chris
Cisco Security Advisory: Cisco IOS Malformed OSPF Packet Causes Reload, Cisco Systems Product Security Incident Response Team
MDKSA-2004:085 - Updated qt3 packages fix multiple vulnerabilities, Mandrake Linux Security Team
Immunity, Inc. Release: libdisassemble, dave
Security aspects of time synchronization infrastructure, 3APA3A
- RE: [Full-Disclosure] Security aspects of time synchronization infrastructure, joe
  - Re[2]: [Full-Disclosure] Security aspects of time synchronization infrastructure, 3APA3A
    - RE: Re[2]: [Full-Disclosure] Security aspects of time synchronization infrastructure, joe
Breaking windows LM hashes using the Time-Memory Trade-Off : Optimization & new tool, J�r�me
recent iDefense advisories not being posted to bugtraq includes CVS information disclosure bug (CAN-2004-0778), Marc Bejarano
SUSE Security Announcement: qt3 (SUSE-SA:2004:027), Thomas Biege
[security bulletin] SSRT3460 rev.3 HP-UX Network traffic can cause programs to fail, Boren, Rich (SSRT)
Third party cookie handling in Opera can lead to potential compromises in Servers relying on redirection, Rohit Dube
- Re: Third party cookie handling in Opera can lead to potential compromises in Servers relying on redirection, George Capehart
  - RE: Third party cookie handling in Opera can lead to potential compromises in Servers relying on redirection, Rohit Dube
Microsoft Windows XP SP2, http-equiv@xxxxxxxxxx
Xines_Mine.c Open Security Group Advisory, c0ntex
[ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability, Joshua J. Berry
- Re: [ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability, infamous41md
- <Possible follow-ups>
- Re: [ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability, ktha
XV multiple buffer overflows, exploit included, infamous41md
Unsecure file permission of ZoneAlarm pro., Bipin Gautam
- <Possible follow-ups>
- Re: Unsecure file permission of ZoneAlarm pro., Bipin Gautam
- RE: Unsecure file permission of ZoneAlarm pro., Simon Zuckerbraun
Cross-Site Scripting (XSS) in Nihuo Web Log Analyzer, Audun Larsen
What A Drag II XP SP2, http-equiv@xxxxxxxxxx
- <Possible follow-ups>
- What A Drag II XP SP2, http-equiv@xxxxxxxxxx
Buffer overflow in sarad, Matthias Bethke
NetBSD Security Advisory 2004-009: ftpd root escalation, NetBSD Security-Officer
[Fwd: Re: [vchkpw] vpopmail <= 5.4.2 (sybase vulnerability) (fwd)], Myron Davis
BadBlue Webserver v2.5 Denial Of Service Vulnerability, GulfTech Security
MDKSA-2004:086 - Updated kdelibs and kdebase packages fix multiple vulnerabilities, Mandrake Linux Security Team
EXPLOIT: Qt bmp heap overflow, infamous41md
Multiple Vulnerabilities in Mantis Bugtracker, Jose Antonio
Cross Site Scripting Vulnerability in Sympa, Jose Antonio
Mantis Bugtracker Remote PHP Code Execution Vulnerability, Jose Antonio
Multiple vulnerabilities in MyDMS, Jose Antonio
[ GLSA 200408-20 ] Qt: Image loader overflows, Joshua J. Berry
JShop Input Validation Hole in 'page.php' Permits Cross-Site Scripting Attacks, Dr Ponidi
KDE Security Advisory: Konqueror Cross-Domain Cookie Injection, Waldo Bastian
ERRATA: [ GLSA 200408-21 ] Cacti: SQL injection vulnerability, Sune Kloppenborg Jeppesen
ERRATA: [ GLSA 200406-14 ] aspell: Buffer overflow in word-list-compress, Kurt Lieber
[ GLSA 200408-22 ] Mozilla, Firefox, Thunderbird: New releases fix vulnerabilities, Kurt Lieber
Multiple Cross Site Scripting Vulnerabilities in eGroupWare, Joxean Koret
[ GLSA 200408-21 ] Cacti: SQL injection vulnerability, Kurt Lieber
DoS in Bird Chat 1.61, Donato Ferrante
Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability, Serkan Akpolat
- Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability, Jan Minar
  - Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability, Serkan Akpolat
- Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability, Rodrigo Barbosa
  - Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability, Serkan Akpolat
A word of caution on the use of suphp, Steven Van Acker
Running renamed executables with CMD.EXE, Geoff Vass
- <Possible follow-ups>
- RE: Running renamed executables with CMD.EXE, Michael Wojcik
Bugs fixed in Version 1.4.3, Joxean Koret
IE, Firefox, Opera DoS, exploits
- Re: IE, Firefox, Opera DoS, Dan Pixley
  - RE: IE, Firefox, Opera DoS, GulfTech Security
    - RE: IE, Firefox, Opera DoS (*not* a DoS, not even close), Steve R
[PoC] Nasty bug(s) found in Axis Network Camera/Video Servers, bashis
- Re: [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers, morning_wood
- Re: [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers, bashis
MusicDaemon <= 0.0.3 /etc/shadow Stealer / DoS Exploit, Tal0n
New google's top query?, J�r�me
- Re: New google's top query?, Luke Burton
- Re: New google's top query?, Alex Keller
  - Re: New google's top query?, Justin Wheeler
CAU-2004-0002 - imwheel Predictable PidFile Name Race Condition, I)ruid
Internet Explorer Local File/Directory Detection, Rynho Zeros Web
What A Drag! -revisited-, mikx
WebAPP directory traversal and ability to retrieve the DES encrypted password hash, J�r�me
Yahoo! E-mail Service Vulnerability, Dror Shalev
Hastymail security update, Jason Munro
Window Washer 5.5: False Sense of Security, First Last
Microsoft updates documentation on Windows time synchronization, 3APA3A
PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities, Nikyt0x Argentina
Possible Security Issues In LiveWorld Products, GulfTech Security
[ GLSA 200408-23 ] kdelibs: Cross-domain cookie injection vulnerability, Joshua J. Berry
Limited buffer overflow in Painkiller 1.31, Luigi Auriemma
[SECURITY] [DSA 541-1] New icecast-server packages fix cross site scripting, Martin Schulze
Easy File Sharing Webserver v1.25 Vulnerabilities, GulfTech Security
bug found, Mathieu Lacroix
A new website to search & submit win exploits, Dav1d
IRM 010: Top Layer Attack Mitigator IPS 5500 Denial of Service, Advisories
Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow, Steve
- Re: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow, Kyle Maxwell
- RE: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow, Andreas Freyvogel
- Re: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow, Jay D. Dyson
ANNOUNCE: VulnDisco RADIUS protocol testsuite v1.0, Evgeny Demidov
Vulnerability: OpenBSD 3.5 Kernel Panic., Vafa Izadinia
[NGSEC-2004-7] NtRegmon, local system denial of service., labs@NGSEC
RealVNC 4.0 DoS, Allan Zhang
Anonymous Surfing Via Gmail Login Window - Poor Sanitization, Punabi MC
- Re: Anonymous Surfing Via Gmail Login Window - Poor Sanitization, Markus Ackermann
Squirrelmail chpasswd local root bruteforce exploit, J�r�me
Computer Network Defence Vulnerability Alert State, Andy Cuff
CDE libDtHelp LOGNAME Buffer Overflow Vulnerability, J�r�me
- <Possible follow-ups>
- RE: CDE libDtHelp LOGNAME Buffer Overflow Vulnerability, Thor Larholm
Ipswitch WhatsUp Gold Remote Buffer Overflow Vulnerability - [Full-Disclosure] iDEFENSE Security Advisory 08.25.04, J�r�me
Dynix Webpac Input Validation, Wil Allsopp
multiple vulnerabilities in lukemftpd/tnftpd on mailhost.freebsd.lublin.pl, venglin
Re: Images being pulled in Outlook 2003 even though don't download pictures is set?, Jason Coombs PivX Solutions
[ GLSA 200408-25 ] MoinMoin: Group ACL bypass, Joshua J. Berry
TSL-2004-0043 - multi, Trustix Security Advisor
[security bulletin] SSRT4779 - rev.0 HP-UX Netscape NSS Library Suite SSLv2 remote buffer overflow, Boren, Rich (SSRT)
MS XP SP2 Windows Security Center allows spoofing, J�r�me
Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State), john . courcoul
- Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State), Rishi Khan
- Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State), john . courcoul
[ GLSA 200408-24 ] Linux Kernel: Multiple information leaks, Tim Yamin
Re: [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers, bashis
[OpenPKG-SA-2004.038] OpenPKG Security Advisory (zlib), OpenPKG
Alpha Phising [IE 6 WinXP SP2], mikx
Broadcast forced exit in Ground Control II 1.0.0.7, Luigi Auriemma
Keene Digital Media Server Directory Traversal, GulfTech Security
0day critical vulnerability/exploit targets Winamp users in the wild, K-OTiK Security
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server, Cisco Systems Product Security Incident Response Team
Gaucho v1.4 Build 145 Buffer Overflow, J�r�me
MDKSA-2004:087 - Updated kernel packages fix multiple vulnerabilities, Mandrake Linux Security Team
SGI ProPack 3: Kernel Update #3 - Security and other fixes, SGI Security Coordinator
[ GLSA 200408-26 ] zlib: Denial of service vulnerability, Sune Kloppenborg Jeppesen
Cisco Security Advisory: Cisco Telnet Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
[ GLSA 200408-27 ] Gaim: New vulnerabilities, Sune Kloppenborg Jeppesen
Check Point - Zone Labs Division - Response to "Weak Default Permissions Vulnerability", Zone Labs Product Security
Re: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow, J�r�me
Re: 0day critical vulnerability/exploit targets Winamp users in the wild, K-OTiK Security
[vulnwatch] WS_FTP Server Denial of Service Vulnerability, lion
CuteNews News.txt writable to world, e0r
DoS in Chat Anywhere 2.72a, Donato Ferrante
[SECURITY] [DSA 542-1] New Qt packages fix arbitrary code execution and denial of service, Martin Schulze
Multiple Vulnerabilities In Xedus Webserver, GulfTech Security
Cross Site Scripting in XOOPS Version 2.x Dictionary module, CyruxNET
Possible root compromose with bsdmainutils 6.0.x < 6.0.15 (Debian testing/unstable), Steven Van Acker

Mail converted by MHonArc 2.6.8