Mail Thread Index

Date Index

[vulnwatch] WFTPD Pro Server 3.21 MLST Command Denial of Service Vulnerability, lion
[vulnwatch] Titan FTP Server Long Command Heap Overflow Vulnerability, lion
D-Link DCS-900 IP camera remote exploit that change the IP, Jérôme
Linux OpenExchange - cleartext rootpw in swap, Rene
- Re: Linux OpenExchange - cleartext rootpw in swap, Rainer Duffner
  - Re: Linux OpenExchange - cleartext rootpw in swap, Valdis . Kletnieks
  - Re: Linux OpenExchange - cleartext rootpw in swap, Joshua Goodall
Security Center and Windows XP clients in domain, albatross
- Re: Security Center and Windows XP clients in domain, Thor
- <Possible follow-ups>
- RE: Security Center and Windows XP clients in domain, David Webster
DOS@TFS, CoolICE
[SECURITY] [DSA 458-2] New python2.2 packages really fix buffer overflow, Martin Schulze
UPDATED OpenServer 5.0.6 OpenServer 5.0.7 : OpenSSL Multiple Vulnerabilities, please_reply_to_security
OpenServer 5.0.6 OpenServer 5.0.7 : squid %-encoded characters in a URL, please_reply_to_security
[SECURITY] [DSA 543-1] New krb5 packages fix several vulnerabilities, Martin Schulze
Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Jérôme
- <Possible follow-ups>
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Ryan_Ward
  - Re: Diebold Global Election Management System (GEMS) Backdoor Account, Brian Kirkbride
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, gandalf
  - RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Jason T. Miller
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Bruce Barnett
OpenServer 5.0.6 OpenServer 5.0.7 : apache mod_digest Incorrect Client Response Verification Vulnerability, please_reply_to_security
Samba FindNextPrintChangeNotify() Error Lets Remote Authenticated Users Crash smbd, Jérôme
Multiple Vulnerabilities in phpScheduleIt, Joxean Koret
- <Possible follow-ups>
- Re: Multiple Vulnerabilities in phpScheduleIt, Nick Korbel
MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service, Tom Yu
Cisco Security Advisory: Vulnerabilities in Kerberos 5 Implementation, Cisco Systems Product Security Incident Response Team
SUSE Security Announcement: kernel (SUSE-SA:2004:028), Thomas Biege
- Re: SUSE Security Announcement: kernel (SUSE-SA:2004:028), Paul Starzetz
New security tools and papers released, shadown
RE: Security Center and Windows XP clients in domain, 20040831062712.31317.qmail@www.securityfocus.com, Sym Security
[nisr@nextgenss.com: Patch available for multiple critical flaws in Oracle], David Ahmad
Cross-Site Scripting Vulnerability in Newtelligence DasBlog, Dominick Baier
- <Possible follow-ups>
- Cross-Site Scripting Vulnerability in Newtelligence DasBlog, Dominick Baier
ADVISORY: http response splitting hole in Comersus shopping cart, Maestro De-Seguridad
[ GLSA 200409-02 ] MySQL: Insecure temporary file creation in mysqlhotcopy, Thierry Carrez
Multiple Vulnerabilities In phpWebsite, GulfTech Security
SSHD / AnonCVS Nastyness, Dragos Ruiu
MSInfo Buffer Overflow, E.Kellinis
Opera DOS, Stevo
MDKSA-2004:088 - Updated krb5 packages fix multiple vulnerabilities, Mandrake Linux Security Team
Exploit: AIM Exploit (Ignore Previous Post), John Bissell
[ GLSA 200409-01 ] vpopmail: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
Password Protect XSS and SQL-Injection vulnerabilities., Criolabs
[hackgen-2004-#001] - Non-critacal Cross-Site Scripting bug in CuteNews, Exoduks
TSL-2004-0045 - kerberos5, Trustix Security Advisor
MailWorks Professional - Authentication bypass, headpimp
- <Possible follow-ups>
- MailWorks Professional - Authentication Bypass, headpimp
WinZip Unspecified Buffer Overflows May Let Remote or Local Users Execute Arbitrary Code, Jérôme
[SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server, SHATTER (Application Security, Inc.)
[ GLSA 200409-03 ] Python 2.2: Buffer overflow in getaddrinfo(), Thierry Carrez
[security bulletin] SSRT3657 rev.3 HP-UX CDE libDtHelp buffer overflow, Boren, Rich (SSRT)
[ GLSA 200409-06 ] eGroupWare: Multiple XSS vulnerabilities, Sune Kloppenborg Jeppesen
Patch available for IBM DB2 Universal Database flaws, NGSSoftware Insight Security Research
[ GLSA 200409-05 ] Gallery: Arbitrary command execution, Sune Kloppenborg Jeppesen
SUSE Security Announcement: zlib (SUSE-SA:2004:029), Thomas Biege
[ GLSA 200409-04 ] Squid: Denial of service when using NTLM authentication, Thierry Carrez
RE: CuteNews News.txt writable to world, Albert Puigsech Galicia
UPDATE: [ GLSA 200408-22 ] Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities, Sune Kloppenborg Jeppesen
[XSS] PHP-Nuke 7.4 Remote Privilege Escalation, Pierquinto Manco
Dynalink routers backdoor?, fabio
[ GLSA 200409-07 ] xv: Buffer overflows in image handling, Sune Kloppenborg Jeppesen
Kerio Personal Firewall's Application Launch Protection Can Be Disabled by Direct Service Table Restoration, Jérôme
MITKRB5-SA-2004-002: double-free vulnerabilities, Tom Yu
FW: [Unpatched] Shell and Drag'n'Drop vulnerabilities, Thor Larholm
- <Possible follow-ups>
- Re: FW: [Unpatched] Shell and Drag'n'Drop vulnerabilities, http-equiv@xxxxxxxxxx
Engenio/LSI Logic controllers denial of service/data corruption, Jedi/Sector One
- Denial of service in Brocade switches (was: Engenio/LSI Logic controllers denial of service/data corruption), Jedi/Sector One
[XSS] PHP-Nuke 7.4 ViewAdmin Bug, Pierquinto Manco
- Re: [XSS] PHP-Nuke 7.4 Bugs, Blaine Elzey
  - Re: [XSS] PHP-Nuke 7.4 Bugs, Peter Lowe
[XSS] PHP-Nuke 7.4 DelAdmin Bug, Pierquinto Manco
[ GLSA 200409-08 ] Ruby: CGI::Session creates files insecurely, Sune Kloppenborg Jeppesen
FUll Path Disclosure in YABBSE, Ahmad Muammar
Patch available for multiple critical flaws in Oracle, NGSSoftware Insight Security Research
OpenCA Security Advisory: Cross Site Scripting vulnerability, Martin Bartosch
SUSE Security Announcement: apache2 (SUSE-SA:2004:030), Sebastian Krahmer
[ GLSA 200409-10 ] multi-gnome-terminal: Information leak, Thierry Carrez
[ GLSA 200409-09 ] MIT krb5: Multiple vulnerabilities, Thierry Carrez
[RLSA_01-2004] QNX PPPoEd local root vulnerabilities, Julio Cesar Fort
cdrdao local root exploit, Jérôme
- Re: cdrdao local root exploit, 3APA3A
Apple, Apple Remote Desktop client, Adam Shostack
Broadcast shutdown in Call of Duty 1.4, Luigi Auriemma
serverview 3.0 - insecure file permissions, Rene
Site News Authentication Error May Let Local Users Add Messages, Jérôme
mpg123 buffer overflow vulnerability, Davide Del Vecchio
[SNS Advisory No.77] Usermin Remote Arbitrary Shell Command Execution Vulnerability, snsadv
[XSS] PHP-Nuke 7.4 Newsletter Injection Bug, Pierquinto Manco
Good Patch to Multiple [XSS] Vulnerabilities in PHP-Nuke 7.4, Pierquinto Manco
[XSS] PHP-Nuke 7.4 AddMsg Bug, Pierquinto Manco
PHP-Nuke 7.4 Multiple XSS Vulnerabilities Patch, Pierquinto Manco
Bug XSS in PsNews 1.1, Michal Blaszczak
- <Possible follow-ups>
- Bug XSS in PsNews 1.1, Michal Blaszczak
MDKSA-2004:090 - Updated zlib packages fix DoS vulnerability, Mandrake Linux Security Team
[ GLSA 200409-11 ] star: Suid root vulnerability, Kurt Lieber
Cerulean Studios Trillian 0.74i Buffer Overflow in MSN module exploit, Jérôme
Re: Apple, Apple Remote Desktop client [Multiple vulnerabilities], Jérôme
Insecure Temporary File Creation Vulnerability in Net-Acct, Jérôme
[XSS]/SQL Injection PHP-Nuke Delete Message(s) Bug, bima tampan
MDKSA-2004:089 - Updated imlib/imlib2 packages fix BMP crash vulnerability, Mandrake Linux Security Team
[ GLSA 200409-13 ] LHa: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
MDKSA-2004:091 - Updated cdrecord packages fix local root vulnerability, Mandrake Linux Security Team
[ GLSA 200409-12 ] ImageMagick, imlib, imlib2: BMP decoding buffer overflows, Thierry Carrez
Multiple vulnerabilities 1n BBS E-Market Professional, Ahmad Muammar
[ GLSA 200409-14 ] Samba: Remote printing vulnerability, Sune Kloppenborg Jeppesen
Off-by-one bug in Halo 1.04, Luigi Auriemma
OpenOffice World-Readable Temporary Files Disclose Files to Local Users, Jérôme
[CLA-2004:863] Conectiva Security Announcement - wv, Conectiva Updates
BlackJumboDog FTP Server version 3.6.1 Buffer Overflow [Exploit included], Jérôme
[CLA-2004:860] Conectiva Security Announcement - krb5, Conectiva Updates
ERRATA: [ GLSA 200409-14 ] Samba: Remote printing non-vulnerability, Sune Kloppenborg Jeppesen
Multiple vulnerabilities in Icewarp Web Mail 5.2.7, ShineShadow
New Data Wipe Tools, Thomas C. Greene
- Re: New Data Wipe Tools, Jake Appelbaum
- Re: New Data Wipe Tools, Brendan Murray
- <Possible follow-ups>
- Re: New Data Wipe Tools, Thomas C. Greene
  - Re: New Data Wipe Tools, Derek Martin
- RE: New Data Wipe Tools, Altheide, Cory B. (IARC)
Axis Network Camera and Video Server Security Advisory, product-security
cdrecord local root exploit, newbug Tseng
- Re: cdrecord local root exploit, Sean Davis
  - Message not available
    - Re: cdrecord local root exploit, Sean Davis
  - Re: cdrecord local root exploit, Volker Kuhlmann
    - Re: cdrecord local root exploit, Marcus Meissner
    - Message not available
      - Re: cdrecord local root exploit, Jason T. Miller
        
        Re: cdrecord local root exploit, Dr Andrew C Aitchison
CAU-EX-2004-0002: cdrecord-suidshell.sh, I)ruid
Remote buffer overflow in Apache mod_ssl when reverse proxying SSL, Jérôme
- Re: Remote buffer overflow in Apache mod_ssl when reverse proxying SSL, 3APA3A
Serv-U up to 5.2 Denial of Service, Patrick
SQL-Injection in Subjects 2.0 for Postnuke, Criolabs
F-Secure Internet Gatekeeper Content Scanning Server Denial of Service [iDEFENSE], Jérôme
Gadu-Gadu (all versions with image-send feature) Heap Overflow, Sec-Labs Team
RE: Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service, Wolfpaw - Dale Corse
- Re: Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service, David S. Miller
- RE: Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service, Ron DuFresne
- <Possible follow-ups>
- Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service, Wolfpaw - Dale Corse
  - Re: Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service, David S. Miller
[ GLSA 200409-15 ] Webmin, Usermin: Multiple vulnerabilities in Usermin, Dan Margolis
Directory Traversal Vulnerability in TwinFTP Server allows overwriting, Jérôme
Samba 3.0 DoS Vulberabilities (CAN-2004-0807 & CAN-2004-0808), Gerald (Jerry) Carter
Posible Inclusion File in Perl Desk, Nikyt0x Argentina
Samba nmbd Invalid Length Denial of Service Vulnerability [iDEFENSE], Jérôme
problem in voip environment, Pasquiet Loic (M.)
[CLA-2004:864] Conectiva Security Announcement - kde, Conectiva Updates
[OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos), OpenPKG
@stake advisory: Pingtel Xpressa Denial of Service, Advisories
[CLA-2004:865] Conectiva Security Announcement - zlib, Conectiva Updates
MDKSA-2004:092 - Updated samba packages fix multiple vulnerabilities, Mandrake Linux Security Team
[ GLSA 200409-16 ] Samba: Denial of Service vulnerabilities, Sune Kloppenborg Jeppesen
@stake advisory: Lexar JumpDrive Secure Password Extraction, Chris Wysopal
The ArpSucker is b0rn! Be yourself, be the net., Alpt
TSL-2004-0046 - multi, Trustix Security Advisor
Insecure file permissions in the Firefox browser for Linux >= v0.9, Max
Zyxel Prestige 681 SDSL router information leak, Przemyslaw Frasunek
Corsaire Security Advisory - Multiple vendor MIME RFC822 comment issue, advisories
QNX crrtrap possible race condition vulnerability, Jérôme
[SECURITY] [DSA 544-1] New webmin packages fix insecure temporary directory, Martin Schulze
Corsaire Security Advisory - Multiple vendor MIME separator issue, advisories
SUS 2.0.2 local root vulnerability, LSS Security
[XSS]/SQL Injection PHP-Nuke Edit/Save Message(s) Bug, bima tampan
[RLSA_03-2004] QNX ftp client format string bug, Julio Cesar Fort
Corsaire Security Advisory - Multiple vendor MIME field multiple occurrence issue, advisories
Inkra 1504GX DoS vulnerability in conducting IP protocol, felix zhou
Corsaire Security Advisory - Multiple vendor MIME Content-Transfer-Encoding mechanism issue, advisories
Rainbow tables for LM/NTLMv1 authentication, Hidenobu Seki
[ GLSA 200409-17 ] SUS: Local root vulnerability, Sune Kloppenborg Jeppesen
[RLSA_02-2004] QNX Photon multiple buffer overflows, Julio Cesar Fort
Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability, Jérôme
Correction to latest Colsaire advisories, 3APA3A
- Re: Correction to latest Colsaire advisories, Andreas Marx
- <Possible follow-ups>
- RE: Correction to latest Colsaire advisories, David Litchfield
- RE: Correction to latest Colsaire advisories, advisories
- RE: Correction to latest Colsaire advisories, advisories
Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, advisories
- Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, David F. Skoll
  - Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, David Covin
    - Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, Borja Marcos
      - Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, Greg A. Woods
    - Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, David F. Skoll
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution [MS04-028], Jérôme
Corsaire Security Advisory - Multiple vendor MIME field quoting issue, advisories
[ GLSA 200409-18 ] cdrtools: Local root vulnerability in cdrecord if set SUID root, Sune Kloppenborg Jeppesen
ADVISORY: http response splitting in snipsnap, Maestro De-Seguridad
[RLSA_04-2004] QNX crrtrap possible race condition vulnerability, Julio Cesar Fort
SMC7004VWBR / SMC7008ABR "spoofing" vulnerability., Jimmy Scott
New Mozilla, Firefox and Thunderbird releases fix critical security issues, Gaël Delalleau
Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow, Nick D.
- <Possible follow-ups>
- RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow, Polazzo Justin
  - Re: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow, sheep explode
  - Re: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow, Gary Warner
- RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow, Polazzo Justin
- RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow, Angelidis, Fotis(NSASOUDABAY)
- RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow, Parks, Matt
[OpenPKG-SA-2004.040] OpenPKG Security Advisory (samba), OpenPKG
[OpenPKG-SA-2004.042] OpenPKG Security Advisory (aspell), OpenPKG
McAfee VirusScan Privilege Escalation Vulnerability [iDEFENSE], Jérôme
MDKSA-2004:093 - Updated squid packages fix DoS vulnerability, Mandrake Linux Security Team
SA04-002 - Apache config file env variable buffer overflow, jonas . thambert
SUSE Security Announcement: apache2 (SUSE-SA:2004:032), Ludwig Nussel
MDKSA-2004:094 - Updated printer-drivers packages fix vulnerability in foomatic, Mandrake Linux Security Team
PHP Vulnerability N. 1, Stefano Di Paola
MDKSA-2004:095 - Updated gdk-pixbuf packages fix image loading vulnerabilities, Mandrake Linux Security Team
[SECURITY] [DSA 545-1] New cupsys packages fix denial of service, Martin Schulze
[ANNOUNCE] Apache HTTP Server 2.0.51 Released, Sander Striker
CESA-2004-005: gtk+ XPM decoder, chris
SUSE Security Announcement: cups (SUSE-SA:2004:031), Sebastian Krahmer
Corsaire Security Advisory - Multiple vendor MIME RFC2231 encoding issue, advisories
Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Michael Scheidell
- Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Chris Norton
  - RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Michael Wilson, Contractor
iDEFENSE Security Advisory 09.15.04: GNU Radius SNMP String Length Integer Overflow Denial of Service Vulnerability, customer service mailbox
Corsaire Security Advisory - Multiple vendor MIME field whitespace issue, advisories
Re: [Bugtraq] McAfee VirusScan Privilege Escalation Vulnerability [iDEFENSE], bashis
[SECURITY] [DSA 547-1] New Imagemagic packages fix buffer overflows, Martin Schulze
MDKSA-2004:096 - Updated apache2 packages fix multiple vulnerabilities, Mandrake Linux Security Team
[SECURITY] [DSA 546-1] New gdk-pixbuf packages fix several vulnerabilities, Martin Schulze
[SECURITY] [DSA 548-1] New imlib packages fix arbitrary code execution, Martin Schulze
TSLSA-2004-0047 - multi, Trustix Security Advisor
www.proboards.com / YaBB XSS Vuln, admin
- RE: www.proboards.com / YaBB XSS Vuln, GulfTech Security
- <Possible follow-ups>
- Re: www.proboards.com / YaBB XSS Vuln, Patrick Clinger
Fwd: Theo's presentation on exploit prevention, Bas Alberts
JPEG Processing BOF Proof Of Concept, GulfTech Security
- <Possible follow-ups>
- RE: JPEG Processing BOF Proof Of Concept, Cassidy Macfarlane
MDKSA-2004:098 - Updated libxpm4 packages fix libXpm overflow vulnerabilities, Mandrake Linux Security Team
CESA-2004-004: libXpm, chris
wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities, Paul Johnston
- <Possible follow-ups>
- wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities, Paul Johnston
ADVISORY: security hole (http response splitting) in snitz forums 2000, Maestro De-Seguridad
Microsoft WordPerfect 5.x Converter Heap Overflow, NGSSoftware Insight Security Research
- <Possible follow-ups>
- Microsoft WordPerfect 5.x Converter Heap Overflow, NGSSoftware Insight Security Research Advisory
XSA-2004-5: heap overflow in DVD subpicture decoder, Michael Roitzsch
XSA-2004-4: multiple string overflows, Michael Roitzsch
[sudo-announce] Sudo version 1.6.8p1 now available (fwd), je
[ GLSA 200409-19 ] Heimdal: ftpd root escalation, Sune Kloppenborg Jeppesen
iDEFENSE Security Advisory 09.16.04: Ipswitch WhatsUp Gold Remote Denial of Service Vulnerability, customer service mailbox
FreeBSD kernel buffer overflow, gerarra
- Re: FreeBSD kernel buffer overflow, Wesley Shields
- Re: FreeBSD kernel buffer overflow, Tim Newsham
RsyncX vulnerabilities, Matt Johnston
Freeze in Pigeon Server 3.02.0143, Luigi Auriemma
[exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POC Exploit, admin
MDKSA-2004:095-1 - Updated gdk-pixbuf and gtk+2 packages fix image loading vulnerabilities, Mandrake Linux Security Team
RhinoSoft DNS4ME HTTP Server Vulnerabilities, GulfTech Security
Mambo Portal lasted version 4.5.1 (1.09) and lower vesion : SQL injection Vulnerability., khoaimi
- Re: Mambo Portal lasted version 4.5.1 (1.09) and lower vesion : SQL injection Vulnerability., Tim Broeker
Sudo Exploit by Rosiello Security, Angelo Rosiello
Virus exploits workaround in Windows Mobile/Pocket PC architecture (Includes Source Code), kers0r
Php Vulnerability N. 2, Stefano Di Paola
MDKSA-2004:097 - Updated cups packages fix DoS vulnerability, Mandrake Linux Security Team
Important message to Bugtraq Subscribers!, Daniel Bertrand
GoogleToolbar:About -- Allows Script Injection, ViPeR
- Re: GoogleToolbar:About -- Allows Script Injection, Rafel Ivgi, The-Insider
Re:[2] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, advisories
- Re:[2] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, David F. Skoll
AOL Groups/AIM Information Disclosure, Link Linkovich
Tool announcement: fakebust, Michal Zalewski
Debian netkit telnetd vulnerability, Michal Zalewski
- Re: Debian netkit telnetd vulnerability, Solar Designer
  - Re: Debian netkit telnetd vulnerability, Matt Zimmerman
glFTPd local stack buffer overflow, CoKi
- <Possible follow-ups>
- Re: glFTPd local stack buffer overflow, Bloody_A
[ GLSA 200409-25 ] CUPS: Denial of service vulnerability, Thierry Carrez
CoD United Offensive boom boom, Luigi Auriemma
Serious Security Issue in Windows XP SP2's Firewall, Andreas Marx
[ GLSA 200409-26 ] Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities, Thierry Carrez
Vulnerabilities in TUTOS, Joxean Koret
- <Possible follow-ups>
- Vulnerabilities in TUTOS, Joxean Koret
Default username/password pairs in ON Command CCM 5.x database backend, Jonas Olsson
FreeBSD Security Advisory FreeBSD-SA-04:14.cvs, FreeBSD Security Advisories
Multiple Full Disclosure Path in postnuke 0.750 phoenix, Jérôme
- <Possible follow-ups>
- Multiple Full Disclosure Path in postnuke 0.750 phoenix, FAiN182
[SECURITY] [DSA 550-1] New wv packages fix arbitrary command execution, Martin Schulze
Local root compromise possible with getmail, David Watson
Re: Posible security bug in phpMyWebhosting, Udo Mueller
[ GLSA 200409-24 ] Foomatic: Arbitrary command execution in foomatic-rip filter, Joshua J. Berry
Multiple Vulnerabilities In EmuLive Server4, GulfTech Security
CA UniCenter Management Portal Username Enumeration Vulnerability, thomas adams
[SECURITY] [DSA 551-1] New lukemftpd packages fix arbitrary code execution, Martin Schulze
Broadcast crash in Popmessenger 1.60 (before 20 Sep 2004), Luigi Auriemma
ICMP spoofed source tunneling, Max Tulyev
- Re: ICMP spoofed source tunneling, fenfire
  - Re: ICMP spoofed source tunneling, Tim Newsham
    - Re: ICMP spoofed source tunneling, fenfire
  - Re: ICMP spoofed source tunneling, Calum
- Re: ICMP spoofed source tunneling, sin
- <Possible follow-ups>
- Re: ICMP spoofed source tunneling, Dave Paris
- Re: ICMP spoofed source tunneling, raiblehugo
Netscape NSS Library Vulnerability Affects Sun Java Enterprise System, Jérôme
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, pressinfo
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Jaeson Schultz
  - RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Lorne J. Leitman
    - RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Jaeson Schultz
    - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Heikki Korpela
  - RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, David Querin
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Jay Hennigan
  - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Jacob Appelbaum
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Craig Paterson
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Homer
  - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Hollis Johnson
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Rainer Duffner
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Mike Ely
  - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Claudius Li
    - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Seth Breidbart
      - RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, David Schwartz
        
        Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Adam Shostack
        
        RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, David Schwartz
        
        Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Seth Breidbart
    - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Enrique A. Chaparro
      - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Dana Hudes
    - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Patrick J. Kobly
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Marvin Bellamy
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Atom 'Smasher'
- <Possible follow-ups>
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Polazzo Justin
  - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Gene Cronk
  - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, steve menard
  - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Barry Fitzgerald
  - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Jose Rey
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Polazzo Justin
  - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Gene Cronk
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Polazzo Justin
  - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, ERACC
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Polazzo Justin
[ GLSA 200409-28 ] GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities, Thierry Carrez
[ GLSA 200409-27 ] glFTPd: Local buffer overflow vulnerability, Thierry Carrez
Possible DoS attack against jabberd 1.4.3 and jadc2s 0.9.0, Matthias Wimmer
And More Advanced SQL Injection..., Stefano Di Paola
New whitepaper "The Phishing Guide", Gunter Ollmann (NGS)
- Re: New whitepaper "The Phishing Guide", Aleksandar Milivojevic
  - Re: New whitepaper "The Phishing Guide", Seth Arnold
    - Re: New whitepaper "The Phishing Guide", Greg A. Woods
      - Re: New whitepaper "The Phishing Guide", Crispin Cowan
  - Re: New whitepaper "The Phishing Guide", Daniel Veditz
    - Re: New whitepaper "The Phishing Guide", Chip Andrews
      - Re: New whitepaper "The Phishing Guide", Philip Stoev
    - Re: New whitepaper "The Phishing Guide", Juraj Bednar
    - Re: New whitepaper "The Phishing Guide", Brian Dessent
  - Re[2]: New whitepaper "The Phishing Guide", Karsten Heidrich
[SECURITY] [DSA 552-1] New imlib2 packages fix potential arbitrary code execution, Martin Schulze
iDEFENSE Security Advisory 09.22.04 - Sophos Small Business Suite Reserved Device Name Handling Vulnerability, customer service mailbox
[CLA-2004:867] Conectiva Security Announcement - spamassassin, Conectiva Updates
Pinnacle ShowCenter 1.51 possible DoS, Jérôme
Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products, Mike Sues
[CLA-2004:866] Conectiva Security Announcement - qt3, Conectiva Updates
[ GLSA 200409-30 ] xine-lib: Multiple vulnerabilities, Thierry Carrez
MDKSA-2004:100 - Updated mpg123 packages fix vulnerabilities, Mandrake Linux Security Team
Pinnacle ShowCenter Skin Denial of Service, Marc Ruef
Symantec Enterprise Firewall/VPN and Gateway Security 300 Series Appliances Multiple Issues, Sym Security
MDKSA-2004:102 - Updated ImageMagick packages fix arbitray code execution vulnerabilities, Mandrake Linux Security Team
[CLA-2004:868] Conectiva Security Announcement - apache, Conectiva Updates
Macromedia Products Not Affected by MS JPEG/GDIPlus Issue, Macromedia Security Zone
Remote buffer overflow in MDaemon IMAP and SMTP server, pigrelax
MDKSA-2004:101 - Updated webmin packages fix vulnerabilities, Mandrake Linux Security Team
Multiple vulnerabilities in ActivePost Standard 3.1, Luigi Auriemma
Example of JPG Exploit & Shellcode, javier falbo
[ GLSA 200409-29 ] FreeRADIUS: Multiple Denial of Service vulnerabilities, Sune Kloppenborg Jeppesen
Promiscuous email printing in Canon imageRunner, Andrew Daviel
- Re: Promiscuous email printing in Canon imageRunner, Chip Mefford
- RE: Promiscuous email printing in Canon imageRunner, Matthew E. Lauterbach
- <Possible follow-ups>
- RE: Promiscuous email printing in Canon imageRunner, Eric McCarty
[ GLSA 200409-32 ] getmail: Filesystem overwrite vulnerability, Sune Kloppenborg Jeppesen
Re: Microsoft's GDI Detetection Tool faults, John Bissell
- Re: Microsoft's GDI Detetection Tool faults, Gadi Evron
  - Re: Microsoft's GDI Detetection Tool faults, Andreas Marx
- <Possible follow-ups>
- Microsoft's GDI Detetection Tool faults, albatross
- RE: Microsoft's GDI Detetection Tool faults, Dowling, Gabrielle
  - RE: Microsoft's GDI Detetection Tool faults, mgotts
- Re: Microsoft's GDI Detetection Tool faults, albatross
  - Re: Microsoft's GDI Detetection Tool faults, the rxmr
  - RE: Microsoft's GDI Detetection Tool faults, Scott Jacobson
aspWebCalendar /aspWebAlbum: SQL injection, Pedro Sanches
- Re: aspWebCalendar /aspWebAlbum: SQL injection, Steven
TSLSA-2004-0049 - apache, Trustix Security Advisor
Buffer overflow in Zinf 2.2.1 for Win32, Luigi Auriemma
- Re: Buffer overflow in Zinf 2.2.1 for Win32+exploit, iggy popal
NEW GDI+ JPEG Remote Exploit, John Bissell
[ GLSA 200409-31 ] jabberd 1.x: Denial of Service vulnerability, Sune Kloppenborg Jeppesen
New Macromedia Security Zone Bulletins Postede, Macromedia Security Zone
RE: New whitepaper "The Phishing Guide", Dehner, Benjamin T.
Motorola Wireless Router WR850G Authentication Circumvention, Daniel Fabian
- <Possible follow-ups>
- Motorola Wireless Router WR850G Authentication Circumvention, Daniel Fabian
New XSS vulnerabilities in paFileDB 3.1 final, alireza hassani
Re:[3] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, advisories
- Re:[3] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, David F. Skoll
  - Re: Re:[3] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, David Wilson
    - Re: Re:[3] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, David F. Skoll
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Jeremy Epstein
- RE: Diebold Global Election Management System (GEMS) Backdoor, Paul Wouters
  - Re: Diebold Global Election Management System (GEMS) Backdoor, Crispin Cowan
  - Re: Diebold Global Election Management System (GEMS) Backdoor, Adam Shostack
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Greg A. Woods
  - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Marco S Hyman
    - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Simon
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Nicholas Knight
  - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Matthew Keller
    - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Casper Dik
  - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Colm MacCarthaigh
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Mike Healan
  - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Tracy Bost
    - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Casper Dik
  - Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Coleman
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Bob Toxen
- Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Kurt Seifried
- <Possible follow-ups>
- RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Reed, Phillip C. (LNG-DAY)
New Macromedia Security Zone Bulletins Posted, Macromedia Security Zone
IPv4 fragmentation --> The Rose Attack, Gandalf The White
Re: HTTP Response Splitting and SQL injection in megabbs forum, PD9 Software
[Hat-Squad] Remote Buffer overflow Vulnerability in YahooPOPS, Hat-Squad Security Team
SQL injection in BroadBoard Instant ASP Message Board, pigrelax
[CLA-2004:869] Conectiva Security Announcement - kernel, Conectiva Updates
GDI Virus in the wild., Ben
- Re: GDI Virus in the wild., Gerry Eisenhaur
  - Re: GDI Virus in the wild., GuidoZ
[SECURITY] [DSA 554-1] New sendmail packages fix potential open relay, Martin Schulze
Broadcast crash in Chatman 1.5.1 RC1, Luigi Auriemma
iDEFENSE Security Advisory 09.27.04 - IBM AIX ctstrtcasd Local File Corruption Vulnerability, customer service mailbox
RE: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes, David Brodbeck
- Re: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes, Adam Jacob Muller
  - Re: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes, David F. Skoll
  - Re: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes, Craig Paterson
  - Re: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes, Aleksandar Milivojevic
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Nick Knouf
@lex Guestbook (PHP) Include file, Himeur Nourredine
Code execution in Icecast 2.0.1, Luigi Auriemma
Vignette Application Portal Unauthenticated Diagnostics, Advisories
MDKSA-2004:103 - Updated OpenOffice.org packages fix temporary file vulnerabilities, Mandrake Linux Security Team
Multiple XSS Vulnerabilities in Wordpress 1.2, Thomas Waldegger
MDKSA-2004:011-1 - Updated NetPBM packages fix a number of temporary file bugs., Mandrake Linux Security Team
Yahoo! Store Security Advisory, Stuart Moore
[ GLSA 200409-34 ] X.org, XFree86: Integer and stack overflows in libXpm, Thierry Carrez
Re: iDEFENSE Security Advisory 09.22.04 - Sophos Small Business Suite Reserved D, Lise Moorveld
directory traversal in ParaChat Server 5.5, Donato Ferrante
- <Possible follow-ups>
- directory traversal in ParaChat Server 5.5, Donato Ferrante
RE: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes, Jeremy Epstein
[security bulletin] SSRT4794 rev.0 HPStorageWorks Command View XP access restriction bypass, Boren, Rich (SSRT)
[CLA-2004:870] Conectiva Security Announcement - imlib, Conectiva Updates
Php RFC1867 Upload Vuln. POC Released, Stefano Di Paola
- <Possible follow-ups>
- Php RFC1867 Upload Vuln. POC Released, Stefano Di Paola
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to, Gareth Humphries
MyWebServer 1.0.3, nekd0
Possible GDI Exploit Vector, james_love
[FLSA-2004:1552] Updated cadaver packages that fix security vulnerabilities, Dominic Hargreaves
MSSQL 7.0 DoS, securma
Re: Default username/password pairs in ON Command CCM 5.x database backend, Sep 20 2004 2:24PM, Sym Security
Crash in Alpha Black Zero 1.04, Luigi Auriemma
[ GLSA 200409-35 ] Subversion: Metadata information leak, Sune Kloppenborg Jeppesen
[FLSA-2004:1468] Updated tcpdump packages that fix multiple security vulnerabilities, Dominic Hargreaves

Mail converted by MHonArc 2.6.8