Mail Index

• Thread Index

• MDKSA-2004:137-1 - Updated libxpm4 packages correct issues with previous update
  • From: Mandrake Linux Security Team
• Re: Privilege escalation flaw in MDaemon 7.2.
  • From: kf_lists
• CuteFTP 6.0 Professional Remote Buffer Overflow Vulnerability
  • From: Hongzhen Zhou
• Endless loops in the http-server and pna-proxy modules of Jana server 2.4.4
  • From: Luigi Auriemma
• Disclosure of file system information in Mozilla Firefox and Opera Browser:
  • From: Giovanni Delvecchio
• Re: Winamp - Buffer Overflow In IN_CDDA.dll
  • From: Black Dot
• SUSE Security Announcement: various kernel problems (SUSE-SA:2004:042)
  • From: Marcus Meissner
• Invision Power Board 'Allow auto login' setting override
  • From: Hillel Himovich
• Re: Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln
  • From: Holger Zimmermann
• [CLA-2004:904] Conectiva Security Announcement - cyrus-imapd
  • From: Conectiva Updates
• Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003.
  • From: Reed Arvin
• [SECURITY] [DSA 603-1] New openssl packages fix insecure temporary file creation
  • From: Martin Schulze
• [USN-36-1] NFS statd vulnerability
  • From: Martin Pitt
• [USN-35-1] imagemagick vulnerabilities
  • From: Martin Pitt
• [USN-33-1] libgd vulnerabilities
  • From: Martin Pitt
• [ GLSA 200411-37 ] Open DC Hub: Remote code execution
  • From: Luke Macken
• [CLA-2004:902] Conectiva Security Announcement - abiword
  • From: Conectiva Updates
• [USN-34-1] OpenSSH information leakage
  • From: Martin Pitt
• [KA Advisory 0411291] IPCop Cross Site Scripting Vulnerability in "proxylog.dat"
  • From: Kurczaba Associates advisories
• Cisco Security Advisory: Cisco CNS Network Registrar Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Blog Torrent preview 0.8 - arbitary file download
  • From: Steve Kemp
• [USN-37-1] cyrus21-imapd vulnerability
  • From: Martin Pitt
• Multiple vulnerabilities in Kreed 1.05
  • From: Luigi Auriemma
• Official IFRAME patch - make sure it installs correctly
  • From: Berend-Jan Wever
• rssh and scponly arbitrary command execution
  • From: Jason Wies
• Remote Mercury32 Imap exploit
  • From: JohnH
• [CLA-2004:905] Conectiva Security Announcement - squirrelmail
  • From: Conectiva Updates
• Re: Disclosure of file system information in Mozilla Firefox and Opera Browser:
  • From: Liu Die Yu
• FreeBSD Security Advisory FreeBSD-SA-04:17.procfs
  • From: FreeBSD Security Advisories
• Advanced Guestbook
  • From: Emile van Elen
• [SECURITY] [DSA 604-1] New hpsockd packages fix denial of service
  • From: Martin Schulze
• [ GLSA 200412-01 ] rssh, scponly: Unrestricted command execution
  • From: Thierry Carrez
• Opera 7.54 vulnerabilities again (still unfixed)
  • From: Marc Schoenefeld
• Winamp - Buffer Overflow In IN_CDDA.dll [ Patch Released ]
  • From: Brett Moore
• Hosting Controller
  • From: mouse small
• [SECURITY] [DSA 605-1] New viewcvs packages fix information leak
  • From: Martin Schulze
• Multiple vulnerabilities in w3who ISAPI DLL
  • From: Nicolas Gregoire
• [ GLSA 200412-02 ] PDFlib: Multiple overflows in the included TIFF library
  • From: Luke Macken
• Re: Advanced Guestbook
  • From: Spy Hat
• DoS leading to crash of client in Remote Execute 2.30
  • From: headpimp
• Web Application Security Consortium 'Guest Articles' Call for Papers
  • From: robert
• Tool Announcement: AIRT -- the Advanced Incident Response Tool (linux)
  • From: madsys
• Local root exploit on Mac OS X with Adobe Version Cue
  • From: fintler
• MaxDB WebTools <= 7.5.00.18 buffer overflow and Denial of Service
  • From: Evgeny Demidov
• [ GLSA 200412-05 ] mirrorselect: Insecure temporary file creation
  • From: Luke Macken
• Broadcast client crash in Battlefield 1942 1.6.19 and Vietnam 1.2
  • From: Luigi Auriemma
• MDKSA-2004:142 - Updated gzip packages fix temporary file vulnerability
  • From: Mandrake Linux Security Team
• RE: Disclosure of file system information in Mozilla Firefox and Opera Browser:
  • From: Thor Larholm
• Multiple Vulnerabilities in paFileDB 3.1
  • From: Ahmad Muammar
• Remote Web Server Text File Viewing Vulnerability in WebLibs 1.0
  • From: John Bissell
• MD5 To Be Considered Harmful Someday
  • From: Dan Kaminsky
• Re: Local root exploit on Mac OS X with Adobe Version Cue
  • From: Chet Ramey
• Bypass personal firewall application protection . Again.
  • From: offtopic
• Cleartext SMB passwords in Novell Desktop Linux using KDE
  • From: Mike DeMaria
• Online Script Decoder
  • From: GreyMagic Security
• 7a69Adv#16 - Konqueror FTP command injection
  • From: Albert Puigsech Galicia
• zone transfers, a spammer's dream?
  • From: Lode Vermeiren
• MDKSA-2004:143 - Updated ImageMagick packages fix vulnerability
  • From: Mandrake Linux Security Team
• Re: Online Script Decoder
  • From: Stefan Paletta
• Re: [Advisory] Mozilla Products Remote Crash Vulnerability
  • From: Berend-Jan Wever
• Re: MD5 To Be Considered Harmful Someday
  • From: Gandalf The White
• IE6 Vulnerability - Local File Detection
  • From: ViPeR
• MDKSA-2004:147 - Updated openssl packages fix temporary file vulnerability
  • From: Mandrake Linux Security Team
• [ GLSA 200412-04 ] Perl: Insecure temporary file creation
  • From: Luke Macken
• MDKSA-2004:146 - Updated nfs-utils packages fix remote DoS vulnerability
  • From: Mandrake Linux Security Team
• MDKSA-2004:145 - Updated rp-pppoe packages fix vulnerability
  • From: Mandrake Linux Security Team
• MDKSA-2004:144 - Updated lvm1 packages fix temporary file vulnerability
  • From: Mandrake Linux Security Team
• [Advisory] Mozilla Products Remote Crash Vulnerability
  • From: Niek van der Maas
• [ GLSA 200412-03 ] imlib: Buffer overflows in image decoding
  • From: Thierry Carrez
• Re: [Full-Disclosure] Multiple vulnerabilities in w3who ISAPI DLL
  • From: Nicolas Gregoire
• MD5 To Be Considered Harmful Today
  • From: Pavel Machek
• [SECURITY] [DSA 606-1] New nfs-utils packages fix denial of service
  • From: Martin Schulze
• Re: MDKSA-2004:145 - Updated rp-pppoe packages fix vulnerability
  • From: David F. Skoll
• Re: MD5 To Be Considered Harmful Someday
  • From: Tim
• Re: 7a69Adv#16 - Konqueror FTP command injection
  • From: Albert Puigsech Galicia
• Address Bar Spoophing for the Pheeshies: IntotheNet Explorer 6
  • From: http-equiv@xxxxxxxxxx
• Re: MD5 To Be Considered Harmful Someday
  • From: Joel Maslak
• RE: MD5 To Be Considered Harmful Someday
  • From: Rager, Anton (Anton)
• Re: MD5 To Be Considered Harmful Someday
  • From: Joel Maslak
• 7a69Adv#15 - Internet Explorer FTP command injection
  • From: Albert Puigsech Galicia
• Re: MD5 To Be Considered Harmful Someday
  • From: Gandalf The White
• Re: Bypass personal firewall application protection . Again.
  • From: Chris Paget
• RE: MD5 To Be Considered Harmful Someday
  • From: David Schwartz
• Re: MD5 To Be Considered Harmful Someday
  • From: Keith Oxenrider
• Re: MD5 To Be Considered Harmful Someday
  • From: Jack Lloyd
• Re: MD5 To Be Considered Harmful Someday
  • From: Dragos Ruiu
• Re: MD5 To Be Considered Harmful Someday
  • From: Jack Lloyd
• Re: MD5 To Be Considered Harmful Someday
  • From: Dan Kaminsky
• Re: MD5 To Be Considered Harmful Someday
  • From: Ruth A. Kramer
• Re: MD5 To Be Considered Harmful Someday
  • From: Dan Kaminsky
• Re: MD5 To Be Considered Harmful Someday
  • From: George Georgalis
• Re: MD5 To Be Considered Harmful Someday
  • From: Paul Wouters
• Re: MD5 To Be Considered Harmful Someday
  • From: Solar Designer
• Re: MD5 To Be Considered Harmful Someday
  • From: Paul Wouters
• Re: MD5 To Be Considered Harmful Someday
  • From: Dan Kaminsky
• Re: MD5 To Be Considered Harmful Someday
  • From: Steve Friedl
• Re: IE6 Vulnerability - Local File Detection
  • From: RSnake
• Re: MD5 To Be Considered Harmful Someday
  • From: David F. Skoll
• Re: MD5 To Be Considered Harmful Today
  • From: Dan Kaminsky
• Re: MD5 To Be Considered Harmful Today
  • From: Pavel Machek
• Re: MD5 To Be Considered Harmful Today
  • From: Dan Kaminsky
• TSLSA-2004-0064 - nfs-utils
  • From: Trustix Security Advisor
• KDE Security Advisory: plain text password exposure
  • From: Dirk Mueller
• KDE Security Advisory: kfax libtiff vulnerabilities
  • From: Dirk Mueller
• Re: MD5 To Be Considered Harmful Someday
  • From: Adam Shostack
• Re: MD5 To Be Considered Harmful Someday
  • From: Pavel Kankovsky
• F-Secure Policy Manager - physical path disclosure
  • From: oliver
• Re: Multiple Vulnerabilities in paFileDB 3.1
  • From: Rafael San Miguel Carrasco
• wget: Arbitrary file overwriting/appending/creating and other vulnerabilities
  • From: Jan Minar
• CodeCon CFP deadline nearing
  • From: Len Sassaman
• In-game buffer-overflow in the Gamespy cd-key validation SDK
  • From: Luigi Auriemma
• [SECURITY] [DSA 607-1] New libxpm packages fix several vulnerabilities
  • From: Martin Schulze
• HOW TO BREAK XP SP2 POPUP BLOCKER: kick it in the nut !
  • From: http-equiv@xxxxxxxxxx
• Local off-by-one in mtr versions 0.55 to 0.65 clamav-milter version 0.80j on mailhost.freebsd.lublin.pl
  • From: venglin
• Re: MD5 To Be Considered Harmful Someday
  • From: Solar Designer
• SugarSales Multiple Vulnerabilities
  • From: Daniel Fabian
• Citadel/UX <= v6.27 Remote Format String Vulnerability
  • From: CoKi
• Gadu-Gadu several vulnerabilities
  • From: Jaroslaw Sajko
• Multiple vulnerabilities in phpMyAdmin
  • From: Nicolas Gregoire
• MS IE User's Authentication Details (userid/password) Sharing Issue
  • From: Debasis Mohanty
• KDE Security Advisory: Konqueror Window Injection Vulnerability
  • From: Waldo Bastian
• iDEFENSE Security Advisory 12.13.04 - Multiple Vendor xzgv PRF Parsing Integer Overflow Vulnerability
  • From: customer service mailbox
• [ZH2004-19SA] Possible execution of remote shell commands in Opera with kfmclien
  • From: Giovanni Delvecchio
• Winamp 5.07 (latest version) Remote Crash + other stupid shizle
  • From: b0f www.b0f.net
• Socket unreacheable in the Lithtech engine (new protocol)
  • From: Luigi Auriemma
• RE: zone transfers, a spammer's dream?
  • From: Marcin Pacyna
• [ GLSA 200412-07 ] file: Arbitrary code execution
  • From: Matthias Geerdsen
• NetWare Screensaver Authentication Bypass From The Local Console
  • From: Adam Gray
• [ GLSA 200412-06 ] PHProjekt: setup.php vulnerability
  • From: Thierry Carrez
• Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory
  • From: Secure Network Operations, Inc.
• What's "may have exploitable buffer overflows" mean in tcpdump?
  • From: Dragos Ruiu
• Linux kernel IGMP vulnerabilities
  • From: Paul Starzetz
• Re: Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory
  • From: secure
• Linux kernel scm_send local DoS
  • From: Paul Starzetz
• Re: [Full-Disclosure] [HV-LOW] Symantec LiveUpdate issues may cause DoS
  • From: Dan Margolis
• phpBB Attachment Mod Directory Traversal HTTP POST Injection
  • From: Paul Laudanski
• [ZH2004-18SA] Content-Type spoofing in Mozilla Firefox and Opera could allow users to bypass security restrictions
  • From: Giovanni Delvecchio
• iDEFENSE Security Advisory 12.14.04 - Adobe Acrobat Reader 5.0.9 mailListIsPdf() Buffer Overflow Vulnerability
  • From: customer service mailbox
• MDKSA-2004:148 - Updated iproute2 packages fix temporary file vulnerability
  • From: Mandrake Linux Security Team
• [SECURITY] [DSA 609-1] New atari800 packages fix local root exploit
  • From: Martin Schulze
• ASP Calendar Vulnerability <www.ashiyane.com>
  • From: ali reza AcTiOnSpIdEr
• [CAN-2004-1022] Insecure Credential Storage on Kerio Software
  • From: Secure Computer Group
• Re: Citadel/UX <= v6.27 Remote Format String Vulnerability
  • From: Michael Hampton
• RICOH Aficio 450/455 PCL 5e Printer ICMP DOS vulnerability
  • From: Hongzhen Zhou
• Possible local root vulnerability in Roxio Toast on Mac OS X
  • From: fintler
• STG Security Advisory: [SSA-20041209-13] UseModWiki XSS vulnerability
  • From: advisory
• [SECURITY] [DSA 608-1] New zgv packages fix arbitrary code execution
  • From: Martin Schulze
• [CAN-2004-1023] Insecure default file system permissions on Microsoft versions of Kerio Software
  • From: Secure Computer Group
• MDKSA-2004:149 - Updated postgresql packages fix temporary file vulnerability
  • From: Mandrake Linux Security Team
• [ GLSA 200412-08 ] nfs-utils: Multiple remote vulnerabilities
  • From: Luke Macken
• iDEFENSE Security Advisory 12.13.04: Adobe Reader 6.0 .ETD File Format String Vulnerability
  • From: customer service mailbox
• Re: NetWare Screensaver Authentication Bypass From The Local Console
  • From: Brad Bendily
• Re: Linux kernel IGMP vulnerabilities
  • From: Pekka Savola
• [Correction For]: Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory
  • From: Secure Network Operations, Inc.
• ASP-rider is vulnerable to sql injection attack
  • From: shervin khaleghjou
• [USN-38-1] Linux kernel vulnerabilities
  • From: Martin Pitt
• iDEFENSE Security Advisory 12.14.04 - Microsoft Word 6.0/95 Document Converter Buffer Overflow Vulnerability
  • From: customer service mailbox
• HyperTerminal - Buffer Overflow In .ht File
  • From: Brett Moore
• Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ]
  • From: GulfTech Security
• Asante FM2008 10/100 Ethernet switch backdoor login
  • From: Joe Philipps
• Hotmail Cross-Site Scripting Vulnerability #1
  • From: Rafel Ivgi
• Hotmail Cross Site Scripting Vulnerability #2
  • From: Rafel Ivgi
• Yahoo! Mail Cross-Site Scripting Vulnerability
  • From: Rafel Ivgi
• *nix data wipe tools
  • From: Thomas C. Greene
• 3cdaemon tftp server DOS vulnerability
  • From: Wang Ning
• Re: rpcl_icmpdos.c
  • From: x90c
• [ GLSA 200412-09 ] ncpfs: Buffer overflow in ncplogin and ncpmap
  • From: Thierry Carrez
• Re: Linux kernel scm_send local DoS
  • From: even multiplexed
• Re: Linux kernel scm_send local DoS
  • From: Paul Starzetz
• MSIE DHTML Edit Control Cross Site Scripting Vulnerability
  • From: Paul
• [OpenPKG-SA-2004.052] OpenPKG Security Advisory (vim)
  • From: OpenPKG
• STG Security Advisory: [SSA-20041214-14] GNUBoard PHP injection vulnerability
  • From: advisory
• Security Advisory for CVS Slash
  • From: Jamie McCarthy
• Re: RICOH Aficio 450/455 PCL 5e Printer ICMP DOS vulnerability
  • From: Hongzhen Zhou
• [ GLSA 200412-10 ] Vim, gVim: Vulnerable options in modelines
  • From: Thierry Carrez
• Advisory 01/2004: Multiple vulnerabilities in PHP 4/5
  • From: Stefan Esser
• Re: Linux kernel IGMP vulnerabilities
  • From: Paul Starzetz
• iwebnegar is vulnerable to all kind of sql injections
  • From: shervin khaleghjou
• Cisco Security Advisory: Cisco Unity Integrated with Exchange Has Default Passwords
  • From: Cisco Systems Product Security Incident Response Team
• STG Security Advisory: [SSA-20041215-15] Vulnerability of uploading files with multiple extensions in MoniWiki
  • From: advisory
• CSS in phpBB 1.4.4
  • From: SandI]
• Cisco Security Advisory: Default Administrative Password in Cisco Guard and Traffic Anomaly Detector
  • From: Cisco Systems Product Security Incident Response Team
• Re: Linux kernel scm_send local DoS
  • From: even multiplexed
• Re: Linux kernel IGMP vulnerabilities
  • From: stephen joseph butler
• php unserialize
  • From: Martin Eiszner
• Re: Linux kernel scm_send local DoS
  • From: gadgeteer
• MDKSA-2004:150 - Updated kdelibs and kdebase packages fix vulnerability
  • From: Mandrake Linux Security Team
• RE: CSS in phpBB 1.4.4
  • From: Paul Owen
• Re: Linux kernel IGMP vulnerabilities
  • From: matthew-bugtraq
• Re: php unserialize
  • From: Stefan Esser
• [SAMBA] CAN-2004-1154 : Integer overflow could lead to remote code execution in Samba 2.x, 3.0.x <= 3.0.9
  • From: Gerald Carter
• STG Security Advisory: [SSA-20041215-17] Vulnerability of uploading files with multiple extensions in JSBoard
  • From: advisory
• iDEFENSE Security Advisory 12.15.04: Computer Associates eTrust EZ Antivirus Insecure File Permission Vulnerability
  • From: customer service mailbox
• STG Security Advisory: [SSA-20041215-18] Vulnerability of uploading files with multiple extensions in phpBB Attachment Mod
  • From: advisory
• [MaxPatrol] SQL-injection in Ikonboard 3.1.x
  • From: Alexander Anisimov
• STG Security Advisory: [SSA-20041215-19] Vulnerability of uploading files with multiple extensions in MediaWiki
  • From: advisory
• Multiple XSS Vulnerabilities in Wordpress 1.2.1
  • From: Thomas Waldegger
• DJB's students release 44 *nix software vulnerability advisories
  • From: Thor Larholm
• PHP Input Validation Vulnerabilities
  • From: Daniel Fabian
• Re: [ GLSA 200412-10 ] Vim, gVim: Vulnerable options in modelines
  • From: Alexey I. Froloff
• iDEFENSE Security Advisory 12.16.04: Samba smbd Security Descriptor Integer Overflow Vulnerability
  • From: iDEFENSE Security Advisory
• iDEFENSE Security Advisory 12.16.04: Veritas Backup Exec Agent Browser Registration Request Buffer Overflow Vulnerability
  • From: iDEFENSE Security Advisory
• iDEFENSE Security Advisory 12.16.04: MPlayer Remote RTSP HeapOverflow Vulnerability
  • From: iDEFENSE Security Advisory
• [USN-39-1] Linux amd64 kernel vulnerability
  • From: Martin Pitt
• [USN-40-1] PHP vulnerabilities
  • From: Martin Pitt
• iDEFENSE Security Advisory 12.16.04: MPlayer MMST Streaming Stack Overflow Vulnerability
  • From: iDEFENSE Security Advisory
• Yahoo! Mail Cross-Site Scripting Vulnerability
  • From: Rafel Ivgi, The-Insider
• iDEFENSE Security Advisory 12.16.04: MPlayer Bitmap Parsing Remote Heap Overflow Vulnerability
  • From: iDEFENSE Security Advisory
• Hotmail Cross-Site Scripting Vulnerability #2
  • From: Rafel Ivgi, The-Insider
• Hotmail Cross-Site Scripting Vulnerability #1
  • From: Rafel Ivgi, The-Insider
• Discussion: Microsoft(R) PowerPoint Action Settings feature allows invocation of default browser pointed at arbitrary URL.
  • From: Monte Ratzlaff
• [OpenPKG-SA-2004.053] OpenPKG Security Advisory (php)
  • From: OpenPKG
• [ GLSA 200412-11 ] Cscope: Insecure creation of temporary files
  • From: Luke Macken
• [SIG^2 G-TEC] singapore Image Gallery Web Application v0.9.10 Multiple Vulnerabilities
  • From: chewkeong
• Re: *nix data wipe tools
  • From: David Cannings
• RE: STG Security Advisory: [SSA-20041215-17] Vulnerability of uploading files with multiple extensions in JSBoard
  • From: Richard Stanway
• Unchecked returns from kernel_read() in linux-2.6.10-rc2 kernel
  • From: Katrina Tsipenyuk
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Crispin Cowan
• RE: Linux kernel IGMP vulnerabilities
  • From: Jirka Kosina
• [OpenPKG-SA-2004.054] OpenPKG Security Advisory (samba)
  • From: OpenPKG
• Gadu-Gadu, another two bugs
  • From: Jaroslaw Sajko
• NetBSD Security Advisory 2004-010: Insufficient argument validation in compat code
  • From: NetBSD Security-Officer
• [ GLSA 200412-12 ] Adobe Acrobat Reader: Buffer overflow vulnerability
  • From: Luke Macken
• phphpbb2 + php version < 4.3.10 unserialize() memory dump sql password from config.php exploit
  • From: bad boy
• Re: *nix data wipe tools
  • From: Wietse Venema
• 4 Vulnerabilities in GamePort
  • From: amoXi Devilkin
• Re: *nix data wipe tools
  • From: Thomas C. Greene
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: cees-bart
• Re: iDEFENSE Security Advisory 12.16.04: MPlayer MMST Streaming Stack Overflow Vulnerability
  • From: Hideki Yamane
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: security curmudgeon
• NetBSD kernel local vulnerabilities
  • From: Evgeny Demidov
• 4 Vulnerabilities in GamePort
  • From: amoXi Devilkin
• [OpenPKG-SA-2004.056] OpenPKG Security Advisory (cvstrac)
  • From: OpenPKG
• Re: *nix data wipe tools
  • From: Casper . Dik
• Internet Explorer Code Execution Bypass Vulnerability
  • From: aikon none
• [SECURITY] [DSA 610-1] New cscope packages fix insecure temporary file creation
  • From: Martin Schulze
• Bug in Crypt::ECB perl module
  • From: Bennett R. Samowich
• Re: *nix data wipe tools
  • From: George Georgalis
• [ GLSA 200412-13 ] Samba: Integer overflow
  • From: Sune Kloppenborg Jeppesen
• Multiple Vulnerabilities In Kayako eSupport v2.x
  • From: GulfTech Security
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: D. J. Bernstein
• MS Windows Media Player 9 Vulns (2)
  • From: Arman Nayyeri
• MDKSA-2004:151 - Updated php packages fix multiple vulnerabilities
  • From: Mandrake Linux Security Team
• Re: Patch available for multiple critical flaws in Oracle
  • From: Marc Bejarano
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Julian T J Midgley
• [USN-41-1] Samba vulnerability
  • From: Martin Pitt
• [SECURITY] [DSA 611-1] New htget packages fix arbitrary code execution
  • From: Martin Schulze
• Security Bulletin SSRT4687 rev.0 HP-UX newgrp(1) local privilege elevation
  • From: Boren, Rich (SSRT)
• AIX 5.1/5.2/5.3 local root exploits
  • From: cees-bart
• [ GLSA 200412-14 ] PHP: Multiple vulnerabilities
  • From: Thierry Carrez
• PHP shmop.c module permits write of arbitrary memory.
  • From: Stefano Di Paola
• TSLSA-2004-0068 - kernel
  • From: Trustix Security Advisor
• [ GLSA 200412-15 ] Ethereal: Multiple vulnerabilities
  • From: Sune Kloppenborg Jeppesen
• Crystal FTP Pro Client Buffer Overflow
  • From: Luca Ercoli
• TSLSA-2004-0066 - multi
  • From: Trustix Security Advisor
• Windows Explorer TGA Crash
  • From: Bill
• KDE Security Advisory: Konqueror Java Vulnerability
  • From: Waldo Bastian
• Re: Internet Explorer Code Execution Bypass Vulnerability
  • From: cmthemc
• UPDATE: [ GLSA 200410-12 ] WordPress: HTTP response splitting and XSS vulnerabilities
  • From: Luke Macken
• Exploit for Ultrix 4.5 dxterm
  • From: Kristoffer Brånemyr
• [ GLSA 200412-16 ] kdelibs, kdebase: Multiple vulnerabilities
  • From: Sune Kloppenborg Jeppesen
• Internet Explorer Help ActiveX Control Local Zone Security Restriction Bypass Vulnerability (updated)
  • From: Paul
• [ GLSA 200412-17 ] kfax: Multiple overflows in the included TIFF library
  • From: Sune Kloppenborg Jeppesen
• [ GLSA 200412-20 ] NASM: Buffer overflow vulnerability
  • From: Luke Macken
• [ GLSA 200412-18 ] abcm2ps: Buffer overflow vulnerability
  • From: Luke Macken
• [USN-42-1] Xine library vulnerabilities
  • From: Martin Pitt
• [Full-Disclosure] [ GLSA 200412-19 ] phpMyAdmin: Multiple vulnerabilities
  • From: Sune Kloppenborg Jeppesen
• [ GLSA 200412-21 ] MPlayer: Multiple overflows
  • From: Thierry Carrez
• Re: Gadu-Gadu, another two bugs
  • From: Przemyslaw Frasunek
• Gadu-Gadu Remote DoS (all versions)
  • From: Maciej Soltysiak
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Marcin Owsiany
• MDKSA-2004:153 - Updated aspell packages fix vulnerability
  • From: Mandrake Linux Security Team
• MDKSA-2004:152 - Updated ethereal packages fix multiple vulnerabilities
  • From: Mandrake Linux Security Team
• [SECURITY] [DSA 612-1] New a2ps packages fix arbitrary command execution
  • From: Martin Schulze
• Updated: TSLSA-2004-0068 - kernel
  • From: Trustix Security Advisor
• [USN-43-1] groff utility vulnerabilities
  • From: Martin Pitt
• Re: [Full-Disclosure] Re: Gadu-Gadu, another two bugs
  • From: Maciej Soltysiak
• MITKRB5-SA-2004-004: heap overflow in libkadm5srv
  • From: Tom Yu
• TSLSA-2004-0069 - kerberos5
  • From: Trustix Security Advisor
• [SECURITY] [DSA 614-1] New xzgv packages fix arbitrary code execution
  • From: Martin Schulze
• Re: AIX 5.1/5.2/5.3 local root exploits (diag issue)
  • From: Shiva Persaud
• Xprobe 0.2.1 Released
  • From: bugtraq
• phpBB Worm
  • From: Shannon Lee
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Jonathan T Rockway
• SUSE Security Announcement: various kernel problems (SUSE-SA:2004:044)
  • From: Marcus Meissner
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Artem Chuprina
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Dave Holland
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: milw0rm Inc.
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Antoine Martin
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Thor
• Re: phpBB Worm
  • From: Raymond Dijkxhoorn
• iDEFENSE Security Advisory 12.21.04: Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability
  • From: customer service mailbox
• iDEFENSE Security Advisory 12.21.04: Multiple Vendor Xine version 0.99.2 PNM Handler Negative Read Length Heap Overflow Vulnerability
  • From: customer service mailbox
• iDEFENSE Security Advisory 12.21.04: Multiple Vendor Xine version 0.99.2 PNM Handler PNA_TAG Heap Overflow Vulnerability
  • From: customer service mailbox
• iDEFENSE Security Advisory 12.21.04: libtiff Directory Entry Count Integer Overflow Vulnerability
  • From: customer service mailbox
• iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability
  • From: customer service mailbox
• iDEFENSE Security Advisory 12.21.04: Hewlett Packard HP-UX ftpd Remote Buffer Overflow Vulnerability
  • From: customer service mailbox
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Stephen Samuel
• Re: Wordpress 1.2.2 is still vulnerable
  • From: Thomas Waldegger
• RE: DJB's students release 44 *nix software vulnerability advisories
  • From: Devin Ganger
• Re: Windows Explorer TGA Crash is a DoS bug in Internet Explorer.
  • From: Berend-Jan Wever
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: David F. Skoll
• WebWorm using PHPBB vulnerability in the wild!
  • From: Niki Denev
• Re: AIX 5.1/5.2/5.3 local root exploits (paginit issue)
  • From: Shiva Persaud
• RE: phpBB Worm
  • From: Paul Kurczaba
• [SECURITY] [DSA 613-1] New ethereal packages fix denial of service
  • From: Martin Schulze
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Stephen Harris
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: laffer1
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Raymond M. Reskusich
• Re: Windows Explorer TGA Crash is a DoS bug in Internet Explorer.
  • From: Berend-Jan Wever
• SUSE Security Announcement: samba (SUSE-SA:2004:045)
  • From: Sebastian Krahmer
• [SECURITY] [DSA 615-1] New debmake package fixes insecure temporary directories
  • From: Martin Schulze
• Local versus remote security holes
  • From: D. J. Bernstein
• MDKSA-2004:154 - Updated kdelibs packages fix multiple vulnerability
  • From: Mandrake Linux Security Team
• Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability
  • From: Dmitry V. Levin
• Sybase ASE 12.5.2 vulnerabilities
  • From: NGSSoftware Insight Security Research
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: D. J. Bernstein
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Jonathan Rockway
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Chris Paget
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Jonathan Rockway
• Re: phpBB Worm
  • From: Sebastian Wiesinger
• Re: phpBB Worm
  • From: Alexander Klimov
• malware effecting broadband users in Israel
  • From: Gadi Evron
• Java Runtime Environment Remote Denial-of-Service (DoS) Vulnerability
  • From: Marc Schoenefeld
• MDKSA-2004:156 - Updated krb5 packages fix buffer overflow vulnerability
  • From: Mandrake Linux Security Team
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Valdis . Kletnieks
• Re: phpBB Worm
  • From: ycw1bh302
• Re: Local versus remote security holes
  • From: Adam Shostack
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Steven M. Christey
• Permission problem in Skype BETA for linux
  • From: Peter Conrad
• PHP v4.3.x exploit for Windows.
  • From: The Warlock
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: David Eisner
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Steven M. Christey
• Realone2.0 "pnxr3260.dll" Lets Remote Users IE Browser Crash
  • From: Wei Li
• [ GLSA 200412-23 ] Zwiki: XSS vulnerability
  • From: Luke Macken
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Casper . Dik
• RE: DJB's students release 44 *nix software vulnerability advisories
  • From: Manning, Robert (Mission Systems)
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Crispin Cowan
• stick with "anonymous" or "authenticated" when describing attacks
  • From: Jonathan G. Lampe
• possible local exploit via sendmail with procmail on solaris
  • From: Michael Barnes
• Webmin BruteForce + Command execution - By Di42lo <DiAblo_2@012.net.il>
  • From: amit sides
• MDKSA-2004:155 - Updated logcheck packages fix temporary file vulnerability
  • From: Mandrake Linux Security Team
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Jack Lloyd
• MDKSA-2004:157 - Updated mplayer packages fix multiple vulnerabilities
  • From: Mandrake Linux Security Team
• Security Advisory for ALL forum services with client-set images
  • From: James Bandara
• 2Bgal : 2.4 & 2.5.1 SQL injection Vulnerability
  • From: zib zib
• Re: WebWorm using PHPBB vulnerability in the wild!
  • From: Nick Johnson
• SUSE Security Announcement: kernel local privilege escalation (SUSE-SA:2004:046)
  • From: Marcus Meissner
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: sean
• Oracle Trigger Abuse (#NISR2122004I)
  • From: NGSSoftware Insight Security Research
• Oracle clear text passwords (#NISR2122004D)
  • From: NGSSoftware Insight Security Research
• Oracle ISQLPlus file access vulnerability (#NISR2122004E)
  • From: NGSSoftware Insight Security Research
• Oracle Character Conversion Bugs (#NISR2122004G)
  • From: NGSSoftware Insight Security Research
• Oracle extproc buffer overflow (#NISR23122004A)
  • From: NGSSoftware Insight Security Research
• Oracle extproc directory traversal (#NISR23122004B)
  • From: NGSSoftware Insight Security Research
• IBM DB2 generate_distfile buffer overflow vulnerability (#NISR2122004L)
  • From: NGSSoftware Insight Security Research
• Oracle extproc local command execution (#NISR23122004C)
  • From: NGSSoftware Insight Security Research
• Oracle TNS Listener DoS (#NISR2122004F)
  • From: NGSSoftware Insight Security Research
• Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H)
  • From: NGSSoftware Insight Security Research
• Oracle wrapped procedure overflow (#NISR2122004J)
  • From: NGSSoftware Insight Security Research
• [OpenPKG-SA-2004.055] OpenPKG Security Advisory (gettext)
  • From: OpenPKG
• IBM DB2 rec2xml buffer overflow vulnerability (#NISR2122004J)
  • From: NGSSoftware Insight Security Research
• [SECURITY] [DSA 616-1] New telnetd-ssl packages fix arbitrary code execution
  • From: Martin Schulze
• Microsoft Windows Kernel ANI File Parsing Crash and DOS Vulnerability
  • From: flashsky fangxing
• Microsoft Windows LoadImage API Integer Buffer overflow
  • From: flashsky fangxing
• Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability
  • From: Moritz Muehlenhoff
• SHOUTcast remote format string vulnerability
  • From: Damian Put
• Re: phpBB Worm
  • From: Alvin Packard
• Crystal FTP Pro 2.8 PoC
  • From: cybertronic
• [USN-47-1] Linux kernel vulnerabilities
  • From: Martin Pitt
• Cross Site Scripting In PsychoStats 2.2.4 Beta && Earlier
  • From: GulfTech Security
• Re: phpBB Worm
  • From: Anders Henke
• Re: stick with "anonymous" or "authenticated" when describing
  • From: Steven M. Christey
• Re: Linux kernel scm_send local DoS
  • From: Pavel Kankovsky
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Michal Zalewski
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: D. J. Bernstein
• Re: Security Advisory for ALL forum services with client-set images
  • From: Stefan Paletta
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Crispin Cowan
• RE: DJB's students release 44 *nix software vulnerability advisories
  • From: Palmer, Paul (ISSAtlanta)
• Inexcusable weakness in Kmail / GnuPG
  • From: Thomas C. Greene
• Re: phpBB Worm
  • From: William Geoghegan
• Re: [webmin-l] Re: Webmin BruteForce + Command execution - By Di42lo <DiAblo_2@012.net.il>
  • From: Jamie Cameron
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Crispin Cowan
• RE: Local versus remote security holes
  • From: David Brodbeck
• RE: Crystal FTP Pro 2.8 PoC
  • From: cybertronic
• [USN-48-1] xpdf, tetex-bin vulnerabilities
  • From: Martin Pitt
• [USN-49-1] debmake vulnerability
  • From: Martin Pitt
• [USN-51-1] teTeX auxiliary script vulnerability
  • From: Martin Pitt
• [USN-52-1] vim vulnerability
  • From: Martin Pitt
• RE: phpBB Worm
  • From: Ofer Shezaf
• [ Security Bulletin ] SSRT4699 rev.0 HP-UX SAM local privilege increase
  • From: Boren, Rich (SSRT)
• [Security Bulletin] SSRT4867 rev.0 Netscape Directory Server on HP-UX LDAP remote buffer overflow
  • From: Boren, Rich (SSRT)
• Microsoft Windows winhlp32.exe Heap Overflow Vulnerability
  • From: flashsky fangxing
• [Security Bulletin] SSRT4876 rev.0 HP Tru64 UNIX SWS (Apache) Secure Web Server Remote
  • From: Boren, Rich (SSRT)
• WPkontakt message parsing error
  • From: Jaroslaw Sajko
• Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
  • From: flashsky fangxing
• Re: Security Advisory for ALL forum services with client-set images
  • From: Tim Jackson
• [Security Bulletin] SSRT4883 rev.3 HP-UX ftp and ftpd remote unauthorized access
  • From: Boren, Rich (SSRT)
• Re: phpBB Worm
  • From: Anders Henke
• [USN-50-1] CUPS vulnerabilities
  • From: Martin Pitt
• [Security Bulletin] SSRT4696 rev.0 - HP Tru64 UNIX TCP Stack Remote Denial of Service (DoS)
  • From: Boren, Rich (SSRT)
• Re: Webmin BruteForce + Command execution - By Di42lo <DiAblo_2@012.net.il>
  • From: Martin Mewes
• Re: [Full-Disclosure] Re: Linux kernel scm_send local DoS
  • From: Valdis . Kletnieks
• Re: possible local exploit via sendmail with procmail on solaris
  • From: Jeff Damens
• raptor's xmas pack 2004
  • From: Marco Ivaldi
• [SECURITY] [DSA 618-1] New imlib packages fix arbitrary code execution
  • From: Martin Schulze
• [SECURITY] [DSA 617-1] New libtiff packages fix arbitrary code execution
  • From: Martin Schulze
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: Crispin Cowan
• Re: DJB's students release 44 *nix software vulnerability advisories
  • From: David Wagner
• Re: phpBB Worm
  • From: steve
• Re: [USN-52-1] vim vulnerability
  • From: Liu Die Yu
• STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard
  • From: advisory
• Re: Inexcusable weakness in Kmail / GnuPG
  • From: Simple Nomad
• XSS in yacy 0.31
  • From: Donato Ferrante
• Final Call for Papers & Workshops - BCS Asia 2005
  • From: Anthony.zboralski
• Re: phpBB Worm
  • From: Raymond Dijkxhoorn
• Re: phpBB Worm
  • From: Zeljko Brajdic
• CleanCache v2.19: False Sense of Security
  • From: WBG Links
• New Santy-Worm attacks *all* PHP-skripts
  • From: Juergen Schmidt
• new phpBB worm affects 2.0.11
  • From: Herman Sheremetyev
• PHPBB worm in action
  • From: Colin Keith
• RE: phpBB Worm
  • From: Chris Ess
• Re: New Santy-Worm attacks *all* PHP-skripts ( Santy.c ? )
  • From: K-OTiK Security
• Re: Microsoft Windows LoadImage API Integer Buffer overflow
  • From: Brett Glass
• New Winhlp32.exe vuln
  • From: bad_son
• Microsoft Internet Explorer SP2 Fully Automated Remote Compromise
  • From: Paul
• Multiple Vulnerabilities in Moodle
  • From: Bartek Nowotarski
• MDKSA-2004:158 - Updated samba packages fix integer overflow vulnerabilities
  • From: Mandrake Linux Security Team
• possible error in latest NGS realplayer advisory
  • From: Marc Bejarano
• Multiple WHM Autopilot Vulnerabilities
  • From: GulfTech Security
• Did a 16-bit counter overflow shut down Comair?
  • From: Richard M. Smith
• Remote code execution with parameters withoutu ser interaction, even with XP SP2
  • From: ShredderSub7 SecExpert
• Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability
  • From: Marcus Meissner
• [HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc included
  • From: Hat-Squad Security Team
• Netcat v1.11 For Windows , New fixed version
  • From: Hat-Squad Security Team
• XSA-2004-7: stack overflow in AIFF demultiplexer
  • From: Michael Roitzsch
• Re: [HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc included
  • From: Chris Wysopal
• KDE Security Advisory: kpdf Buffer Overflow Vulnerability
  • From: Dirk Mueller
• Re: Microsoft Windows LoadImage API IntegerBuffer overflow
  • From: Berend-Jan Wever
• php-Calendar File Include Vulnerability [ Command Exec ]
  • From: GulfTech Security
• QNX crrtrap arbitrary file read/write vulnerability [RLSA_06-2004]
  • From: Julio Cesar Fort
• Sanity Worm Concepts
  • From: Andy Fewtrell
• Re: Did a 16-bit counter overflow shut down Comair?
  • From: Mike Nice
• Re: Did a 16-bit counter overflow shut down Comair?
  • From: Avleen Vig
• [CLA-2004:909] Conectiva Security Announcement - netpbm
  • From: Conectiva Updates
• [ GLSA 200412-25 ] CUPS: Multiple vulnerabilities
  • From: Thierry Carrez
• [ GLSA 200412-26 ] ViewCVS: Information leak and XSS vulnerabilities
  • From: Thierry Carrez
• [ GLSA 200412-24 ] Xpdf, GPdf: New integer overflows
  • From: Thierry Carrez
• Heap overflow in Mozilla Browser <= 1.7.3 NNTP code.
  • From: Maurycy Prodeus
• [SECURITY] [DSA 620-1] New perl packages fix several vulnerabilities
  • From: Martin Schulze
• MDKSA-2004:160 - Updated kdelibs packages fix konqueror email vulnerability
  • From: Mandrake Linux Security Team
• MDKSA-2004:161 - Updated xpdf packages fix buffer overflow vulnerability
  • From: Mandrake Linux Security Team
• KorWeblog php injection Vulnerability
  • From: Min-sung Choi
• NetCat V 1.11 Multiple Bugs
  • From: CorryL
• [SECURITY] [DSA 619-1] New xpdf packages fix arbitrary code execution
  • From: Martin Schulze
• MDKSA-2004:164 - Updated cups packages fix buffer overflow vulnerability
  • From: Mandrake Linux Security Team
• MDKSA-2004:159 - Updated glibc packages fix temporary file vulnerability
  • From: Mandrake Linux Security Team
• MDKSA-2004:163 - Updated kdegraphics packages fix buffer overflow vulnerability
  • From: Mandrake Linux Security Team
• MDKSA-2004:165 - Updated koffice packages fix multiple vulnerabilities
  • From: Mandrake Linux Security Team
• Re: Strange Java Loader (not so strange - Trojan.ByteVerify)
  • From: K-OTiK Security
• MDKSA-2004:162 - Updated gpdf packages fix buffer overflow vulnerability
  • From: Mandrake Linux Security Team
• Re: Multiple Vulnerabilities in Moodle
  • From: Martin Dougiamas
• Re: Sanity Worm Concepts
  • From: Paul Laudanski
• MDKSA-2004:166 - Updated tetex packages fix multiple vulnerabilities
  • From: Mandrake Linux Security Team