Mail Index

• Thread Index

• SQL Injection Vulnerability In IBProArcade
  • From: mike bailey
• [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC
  • From: houseofdabus HOD
• ArGoSoft FTP Server reveals valid usernames and allows for brute force attacks
  • From: steven
• Bluetooth: BlueSnarf and BlueBug Full Disclusore
  • From: Adam Laurie
• Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC
  • From: Alberto Garcia Hierro
• [SECURITY] [DSA 621-1] New CUPS packages fix arbitrary code execution
  • From: Martin Schulze
• Cross Site Scripting DOS (Zyxel B-420 Ethernet Bridge)
  • From: beniwiedmer
• WHM AutoPilot Security Release [ Plus Upgrade Instructions ]
  • From: GulfTech Security
• Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC
  • From: Steve Friedl
• Jacks FormMail.php remote file access vulnerability
  • From: Hack Hawk
• Windows Media files allow opening any url in Internet Explorer
  • From: Berend-Jan Wever
• Windows LoadImage API Heapoverflow exploit
  • From: Berend-Jan Wever
• 7a69Adv#17 - Internet Explorer FTP download path disclosure
  • From: Albert Puigsech Galicia
• Various Vulnerabilities in OWL Intranet Engine
  • From: Joxean Koret
• Cross Site Scripting Vulnerabilities and Possible Code Execution in SugarCRM
  • From: Joxean Koret
• Two Vulnerabilities in ViewCVS
  • From: Joxean Koret
• [SECURITY] [DSA 622-1] New htmlheadline package fixes insecure temporary files
  • From: Martin Schulze
• Remote DoS in GFI MailEssentials due to a bug in Microsoft HTML parser
  • From: Peter Kruse
• STG Security Advisory: [SSA-20041224-21] File extensions restriction bypass vulnerability in GNUBoard
  • From: advisory
• Multiple Vulnerabilities in FlatNuke
  • From: Pierquinto Manco
• Multiple Firewall Products Bypass Vulnerability
  • From: Ferruh Mavituna
• 3Com 3CDaemon Multiple Vulnerabilities
  • From: Sowhat .
• Serious Vulnerabilities In PhotoPost ReviewPost
  • From: GulfTech Security
• [SECURITY] [DSA 623-1] New nasm packages fix arbitrary code execution
  • From: Martin Schulze
• Multiple PhotoPost Pro Vulnerabilities
  • From: GulfTech Security
• [KDE Security Advisory] ftp kioslave command injection
  • From: Dirk Mueller
• MyBB SQL Injection
  • From: scottm
• Socket termination, format string and XSS in Soldner Secret Wars 30830
  • From: Luigi Auriemma
• QWikiwiki directory traversal vulnerability
  • From: Madelman
• [SECURITY] [DSA 624-1] New zip packages fix arbitrary code execution
  • From: Martin Schulze
• [ GLSA 200501-04 ] Shoutcast Server: Remote code execution
  • From: Luke Macken
• [CLA-2005:910] Conectiva Security Announcement - mplayer
  • From: Conectiva Updates
• [SECURITY] [DSA 625-1] New pcal packages fix arbitrary code execution
  • From: Martin Schulze
• [ GLSA 200501-01 ] LinPopUp: Buffer overflow in message reply
  • From: Thierry Carrez
• [ GLSA 200501-02 ] a2ps: Insecure temporary files handling
  • From: Thierry Carrez
• [ GLSA 200501-03 ] Mozilla, Firefox, Thunderbird: Various vulnerabilities
  • From: Thierry Carrez
• DMA[2005-0103a] - 'William LeFebvre "top" format string vulnerability'
  • From: KF (Lists)
• Paper: SQL Injection Attacks by Example
  • From: Steve Friedl
• IBM DB2 db2fmp buffer overflow (#NISR05012005A)
  • From: NGSSoftware Insight Security Research
• IBM DB2 libdb2.so buffer overflow (#NISR05012005B)
  • From: NGSSoftware Insight Security Research
• IBM DB2 call buffer overflow (#NISR05012005C)
  • From: NGSSoftware Insight Security Research
• IBM DB2 JDBC Applet Server buffer overflow (#NISR05012005D)
  • From: NGSSoftware Insight Security Research
• IBM DB2 SATADMIN.SATENCRYPT buffer overflow (#NISR05012005E)
  • From: NGSSoftware Insight Security Research
• IBM DB2 Windows Permission Problems (#NISR05012005F)
  • From: NGSSoftware Insight Security Research
• IBM DB2 to_char and to_date Denial Of Service (#NISR05012005G)
  • From: NGSSoftware Insight Security Research
• RE: Paper: SQL Injection Attacks by Example
  • From: David Litchfield
• IBM DB2 XML functions overflows (#NISR05012005H)
  • From: NGSSoftware Insight Security Research
• IBM DB2 XML functions file creation vulnerabilities (#NISR05012005I)
  • From: NGSSoftware Insight Security Research
• RE: Paper: SQL Injection Attacks by Example
  • From: Scovetta, Michael V
• Re: Paper: SQL Injection Attacks by Example
  • From: Chip Andrews
• RE: Paper: SQL Injection Attacks by Example
  • From: Michael Silk
• Re: Paper: SQL Injection Attacks by Example
  • From: Cory Foy
• RE: Paper: SQL Injection Attacks by Example
  • From: David Litchfield
• [ GLSA 200501-05 ] mit-krb5: Heap overflow in libkadm5srv
  • From: Sune Kloppenborg Jeppesen
• [ GLSA 200501-06 ] tiff: New overflows in image decoding
  • From: Thierry Carrez
• RE: Paper: SQL Injection Attacks by Example
  • From: Scovetta, Michael V
• All Symantec Products All Versions Until 2005 - Remote Stack Buffer Overflow
  • From: Rafel Ivgi, The-Insider
• RE: Paper: SQL Injection Attacks by Example
  • From: Sergey Chernyshev
• [SECURITY] [DSA 627-1] New namazu2 packages fix cross-site scripting vulnerability
  • From: Martin Schulze
• [SECURITY] [DSA 626-1] New tiff packages fix denial of service
  • From: Martin Schulze
• [SECURITY] [DSA 628-1] New imlib2 packages fix arbitrary code execution
  • From: Martin Schulze
• RE: All Symantec Products All Versions Until 2005 - Remote Stack Buffer Overflow
  • From: Polazzo Justin
• [USN-54-1] TIFF library tool vulnerability
  • From: Martin Pitt
• Socket unreacheable in Amp II engine
  • From: Luigi Auriemma
• [USN-55-1] imlib2 vulnerabilities
  • From: Martin Pitt
• [ GLSA 200501-07 ] xine-lib: Multiple overflows
  • From: Thierry Carrez
• [CLA-2005:913] Conectiva Security Announcement - samba
  • From: Conectiva Updates
• MDKSA-2005:001 - Updated libtiff packages fix multiple vulnerabilities
  • From: Mandrake Linux Security Team
• re: All Symantec Products All Versions Until 2005 - Remote Stack Buffer Overflow
  • From: Sym Security
• MDKSA-2005:002 - Updated wxGTK2 packages fix vulnerabilities
  • From: Mandrake Linux Security Team
• MDKSA-2005:003 - Updated vim packages fix modeline vulnerabilities
  • From: Mandrake Linux Security Team
• MDKSA-2005:004 - Updated nasm packages fix buffer overflow vulnerability
  • From: Mandrake Linux Security Team
• [ GLSA 200501-08 ] phpGroupWare: Various vulnerabilities
  • From: Luke Macken
• [ GLSA 200501-09 ] xzgv: Multiple overflows
  • From: Thierry Carrez
• [ GLSA 200501-10 ] Vilistextum: Buffer overflow vulnerability
  • From: Thierry Carrez
• WinAc AND WinHKI ZIP File Directory Transversal
  • From: Rafel Ivgi, The-Insider
• Santy and SSL
  • From: Ofer Shezaf
• grsecurity 2.1.0 release / 5 Linux kernel advisories
  • From: Brad Spengler
• grsecurity 2.1.0 release / 5 Linux kernel advisories
  • From: Brad Spengler
• Linux kernel sys_uselib local root vulnerability
  • From: Paul Starzetz
• Mozilla XBM Image Vulnerability
  • From: Luca Ercoli
• Simple PHP Blog directory traversal vulnerability
  • From: Madelman
• [SECURITY] [DSA 629-1] New kerberos packages fix arbitrary code execution
  • From: Martin Schulze
• Linux kernel uselib() privilege elevation, corrected
  • From: Paul Starzetz
• iDEFENSE Security Advisory [IDEF0725] Exim host_aton() Buffer Overflow Vulnerability
  • From: customer service mailbox
• Troj/Winser-A malware analysis
  • From: Steve Friedl
• iDEFENSE Security Advisory [IDEF0731] Exim auth_spa_server() Buffer Overflow Vulnerability
  • From: customer service mailbox
• Security Advisory: Woltlab Burning Board Lite formmail.php XSS
  • From: Martin Heistermann
• [SECURITY] [DSA 631-1] New kdlibs packages fix arbitrary FTP command execution
  • From: Martin Schulze
• [SECURITY] [DSA 632-1] New linpopup packages fix arbitrary code execution
  • From: Martin Schulze
• [ GLSA 200501-12 ] TikiWiki: Arbitrary command execution
  • From: Matthias Geerdsen
• SUSE Security Announcement: libtiff/tiff (SUSE-SA:2005:001)
  • From: Thomas Biege
• SQL Injection Vulnerability in Invision Community Blog
  • From: darkhawk matrix
• [SECURITY] [DSA 630-1] New lintian packages fix insecure temporary directory
  • From: Martin Schulze
• [ GLSA 200501-17 ] KPdf, KOffice: More vulnerabilities in included Xpdf
  • From: Sune Kloppenborg Jeppesen
• [ GLSA 200501-16 ] Konqueror: Java sandbox vulnerabilities
  • From: Sune Kloppenborg Jeppesen
• [SECURITY] [DSA 634-1] New hylafax packages fix unauthorised access
  • From: Martin Schulze
• UPDATED: the insider exploit( = the latest ie 0day which involves SHOWMODALDIALOG)
  • From: Liu Die Yu
• Multi-vendor AV gateway image inspection bypass vulnerability
  • From: Darren Bounds
• The Misuse of RC4 in Microsoft Word and Excel
  • From: Hongjun Wu
• HylaFAX hfaxd unauthorized login vulnerability
  • From: Lee Howard
• applicable exploit for winxp-sp2-uptodate Internet Explorer
  • From: Liu Die Yu
• EEYE: Windows ANI File Parsing Buffer Overflow
  • From: Derek Soeder
• [AppSecInc Team SHATTER Security Advisory] Microsoft Windows LPC heap overflow
  • From: Team SHATTER (Application Security, Inc.)
• VERITAS Backup Exec 8.x/9.x Remote Universal Exploit
  • From: class 101
• [AppSecInc Team SHATTER Security Advisory] Microsoft Windows Improper Token Validation
  • From: Team SHATTER (Application Security, Inc.)
• Portcullis Security Advisory 05-010
  • From: Paul J Docherty
• Firespoofing [Firefox 1.0]
  • From: mikx
• [ GLSA 200501-18 ] KDE FTP KIOslave: Command injection
  • From: Sune Kloppenborg Jeppesen
• Portcullis Security Advisory 05-005
  • From: Paul J Docherty
• Portcullis Security Advisory 05-001
  • From: Paul J Docherty
• Portcullis Security Advisory 05-007
  • From: Paul J Docherty
• Mod_dosevasive symlink and race vulnerability
  • From: LSS Security
• Portcullis Security Advisory 05-006
  • From: Paul J Docherty
• Portcullis Security Advisory 05-003
  • From: Paul J Docherty
• [SECURITY] [DSA 633-1] New bmv package fixes insecure temporary file creation
  • From: Martin Schulze
• [OpenPKG-SA-2005.001] OpenPKG Security Advisory (perl)
  • From: OpenPKG
• Portcullis Security Advisory 05-004
  • From: Paul J Docherty
• Woltlab Burning Book addentry.php SQL Injection
  • From: Martin Heistermann
• Metasploit Framework v2.3
  • From: H D Moore
• Apache mod_auth_radius remote integer overflow
  • From: LSS Security
• [ GLSA 200501-11 ] Dillo: Format string vulnerability
  • From: Thierry Carrez
• [USN-58-1] MIT Kerberos server vulnerability
  • From: Martin Pitt
• [ GLSA 200501-21 ] HylaFAX: hfaxd unauthorized login vulnerability
  • From: Thierry Carrez
• Portcullis Security Advisory 05-009
  • From: Paul J Docherty
• Security Contact for Nokia Mobile phone softwares
  • From: rohit
• [ GLSA 200501-20 ] o3read: Buffer overflow during file conversion
  • From: Thierry Carrez
• Fwd: APPLE-SA-2005-01-11 iTunes 4.7.1
  • From: David Ahmad
• IlohaMail Insecure Configuration Files
  • From: wang
• Re: Firespoofing [Firefox 1.0]
  • From: Pavel Kankovsky
• Re: DSL- Router Teledat 530 DoS
  • From: Stefan S.
• Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerability
  • From: Darren Bounds
• Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerability
  • From: Danny
• [NILESA-20050101]: Denial of Service vulnerability due to the mountd bug
  • From: Jonglim Yun
• [ GLSA 200501-22 ] poppassd_pam: Unauthorized password changing
  • From: Thierry Carrez
• Re: The Misuse of RC4 in Microsoft Word and Excel
  • From: Brendan Dolan-Gavitt
• [ GLSA 200501-13 ] pdftohtml: Vulnerabilities in included Xpdf
  • From: Thierry Carrez
• [USN-59-1] mailman vulnerabilities
  • From: Martin Pitt
• Squirrelmail vacation v0.15 local root exploit
  • From: LSS Security
• WMV (Windows Media Player) trojan in wild
  • From: Marc Bejarano
• Portcullis Security Advisory 05-008
  • From: Paul J Docherty
• Linux kernel i386 SMP page fault handler privilege escalation
  • From: Paul Starzetz
• Arkeia Possible remote root & information leakage
  • From: Maciej Bogucki
• [SECURITY] [DSA 635-1] New exim packages fix arbitrary code execution
  • From: Martin Schulze
• Security Advisory: BiTBOARD xss
  • From: Martin Heistermann
• [SECURITY] [DSA 636-1] New libc6 packages fix insecure temporary files
  • From: Martin Schulze
• [ GLSA 200501-23 ] Exim: Two buffer overflows
  • From: Matthias Geerdsen
• Is DEP easily evadable?
  • From: John Richard Moser
• Windows ANI File Parsing Proof Of Concept (MS05-002)
  • From: assaf404
• [waraxe-2005-SA#039] - Critical Sql Injection in Sgallery module for PhpNuke
  • From: Janek Vind
• [SECURITY] [DSA 638-1] New gopher packages fix several vulnerabilities
  • From: Martin Schulze
• [CLA-2005:915] Conectiva Security Announcement - php4
  • From: Conectiva Updates
• [SECURITY] [DSA 637-1] New exim-tls packages fix arbitrary code execution
  • From: Martin Schulze
• [CLA-2005:916] Conectiva Security Announcement - ethereal
  • From: Conectiva Updates
• XSS Vulnerability in ForumKIT
  • From: tom cruise
• [CLA-2005:917] Conectiva Security Announcement - krb5
  • From: Conectiva Updates
• Cross Site Scripting holes found in Horde 3.0
  • From: Hyperdose Security
• TSLSA-2005-0001 - multi
  • From: Trustix Security Advisor
• IE issue with percent 20
  • From: RSnake
• Re: Is DEP easily evadable?
  • From: Florian Weimer
• UPDATE: [ GLSA 200412-25 ] CUPS: Multiple vulnerabilities
  • From: Thierry Carrez
• InternetExploiter 3.2
  • From: Berend-Jan Wever
• Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack
  • From: CIRT Advisory
• Re: Is DEP easily evadable?
  • From: John Richard Moser
• MDKSA-2005:006 - Updated hylafax packages fix vulnerability
  • From: Mandrake Linux Security Team
• Re: Is DEP easily evadable?
  • From: Ben Pfaff
• SB2005002: pron to bypass APF checking uid(0) routine
  • From: x90c
• MDKSA-2005:007 - Updated imlib packages fix vulnerability
  • From: Mandrake Linux Security Team
• Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack
  • From: Hammud_Saway
• iDEFENSE Security Advisory 01.13.05 - Apple iTunes Playlist Parsing Buffer Overflow Vulnerability
  • From: customer service mailbox
• Server crash in Breed patch #1
  • From: Luigi Auriemma
• STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities
  • From: advisory
• iDEFENSE Security Advisory 01.13.05: MySQL MaxDB WebAgent websql logon Buffer Overflow Vulnerability
  • From: customer service mailbox
• iDEFENSE Security Advisory 01.13.05: SGI IRIX inpview Design Error Vulnerability
  • From: customer service mailbox
• Internet Explorer valid JavaScript-file successfull load detection local file enumeration
  • From: Berend-Jan Wever
• [CLA-2005:918] Conectiva Security Announcement - twiki
  • From: Conectiva Updates
• Re: Is DEP easily evadable?
  • From: John Richard Moser
• XSS Vulnerability in Siteman v1.1.9
  • From: Pedram hayati
• Paper: How to exploit overflow vulnerability under Fedora Core 2
  • From: vangelis vangelis
• Re: Is DEP easily evadable?
  • From: Ben Pfaff
• MDKSA-2005:005 - Updated nfs-utils packages fix 64bit vulnerability
  • From: Mandrake Linux Security Team
• Re: Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack
  • From: shadown
• new tool : the first remote PHP vulnerability scanner
  • From: bad boy
• Re: Multiple Firewall Products Bypass Vulnerability
  • From: Ansgar -59cobalt- Wiechers
• [SECURITY] [DSA 639-1] New mc packages fix several vulnerabilities
  • From: Martin Schulze
• iDEFENSE Security Advisory 01.14.05: Exim dns_buld_reverse() Buffer Overflow Vulnerability
  • From: customer service mailbox
• Re: rssh and scponly arbitrary command execution
  • From: Derek Martin
• iDefense iTunes advisory.
  • From: nemo
• [USN-60-0] Linux kernel vulnerabilities
  • From: Martin Pitt
• Various Vulnerabilities in SparkleBlog
  • From: Kovács László
• XSS in the nested BB tag in many forum
  • From: pigrelax
• Apple Airport WDS DoS
  • From: Dylan Griffiths
• RE: Various Vulnerabilities in SparkleBlog
  • From: Alan W. Rateliff, II
• exim dns_buld_reverse() proof-of-concept
  • From: Rafael San Miguel Carrasco
• [ GLSA 200501-25 ] Squid: Multiple vulnerabilities
  • From: Sune Kloppenborg Jeppesen
• [SECURITY] [DSA 640-1] New gatos packages fix arbitrary code execution
  • From: Martin Schulze
• [OpenPKG-SA-2005.002] OpenPKG Security Advisory (sudo)
  • From: OpenPKG
• [SECURITY] [DSA 641-1] New playmidi packages fix local root exploit
  • From: Martin Schulze
• [OpenPKG-SA-2005.003] OpenPKG Security Advisory (a2ps)
  • From: OpenPKG
• [SECURITY] [DSA 642-1] New gallery packages fix several vulnerabilities
  • From: Martin Schulze
• SUSE Security Announcement: php4/mod_php4 (SUSE-SA:2005:002)
  • From: Ludwig Nussel
• MDKSA-2005:008 - Updated cups packages fix multiple vulnerabilities
  • From: Mandrake Linux Security Team
• phpGiftReq SQL Injection
  • From: Madelman
• [SIG^2 G-TEC] NodeManager Professional V2.00 Buffer Overflow Vulnerability
  • From: chewkeong
• Minis directory traversal vulnerability
  • From: Madelman
• Multiple Vulnerabilities in Netgear FVS318 Router
  • From: Paul Kurczaba
• Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i
  • From: NGSSoftware Insight Security Research
• [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
  • From: Martin Schulze
• [SECURITY] [DSA 643-1] New queue packages fix buffer overflows
  • From: Martin Schulze
• IE HHCTRL exploit still usable even after patch
  • From: Valentin Avram
• UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : chroot A known exploit can break a chroot prison.
  • From: please_reply_to_security
• Novell GroupWise WebAccess error modules loading
  • From: Marc Ruef
• [USN-62-1] imagemagick vulnerability
  • From: Martin Pitt
• Netegrity SiteMinder smpwservicescgi.exe target specification
  • From: Marc Ruef
• [USN-63-1] MySQL client vulnerability
  • From: Martin Pitt
• Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
  • From: Rafel Ivgi, The-Insider
• [USN-61-1] vim vulnerabilities
  • From: Martin Pitt
• Unrestricted I/O access vulnerability in INCA Gameguard
  • From: Ryu Connor
• Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability
  • From: Rafel Ivgi, The-Insider
• iDEFENSE Security Advisory 01.17.05: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability
  • From: customer service mailbox
• iDEFENSE Security Advisory 01.18.05 - Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow
  • From: customer service mailbox
• PeteFinnigan.com - Oracle security advisory
  • From: Pete Finnigan
• Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
  • From: Berend-Jan Wever
• Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
  • From: Markus Kern
• Cisco Security Advisory: Vulnerability in Cisco IOS Embedded Call Processing Solutions
  • From: Cisco Systems Product Security Incident Response Team
• RealPlayer Arbitrary File Deletion Vulnerability (#NISR19012005f)
  • From: NGSSoftware Insight Security Research
• MSN Heartbeat Control Buffer Overflow
  • From: NGSSoftware Insight Security Research
• RealPlayer Miscellaneous Vulnerabilities (#NISR19012005g)
  • From: NGSSoftware Insight Security Research
• Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)
  • From: NGSSoftware Insight Security Research
• Darwin Kernel Vulnerability
  • From: nemo
• RealPlayer 'ShowPreferences' Buffer Overflow Vulnerability (#NISR19012005e)
  • From: NGSSoftware Insight Security Research
• Multiple vulnerabilities in the AtHoc Toolbar (#NISR19012005c)
  • From: NGSSoftware Insight Security Research
• iDEFENSE Security Advisory 01.19.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities
  • From: Michael Sutton
• [SECURITY] [DSA 645-1] New CUPS packages fix arbitrary code execution
  • From: Martin Schulze
• Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
  • From: Markus Kern
• [SECURITY] [DSA 646-1] New ImageMagick packages fix arbitrary code execution
  • From: Martin Schulze
• [SECURITY] [DSA 647-1] New mysql packages fix insecure temporary files
  • From: Martin Schulze
• Microsoft Internet Explorer HTML Help Control Vulnerability Still Exploitable After Patch
  • From: Valentin Avram
• fkey[v0.0.2]: local/remote file accessibility exploit.
  • From: Vade 79
• [USN-65-1] Apache utility script vulnerability
  • From: Martin Pitt
• [USN-66-1] PHP vulnerabilities
  • From: Martin Pitt
• [SECURITY] [DSA 651-1] New squid packages fix denial of service
  • From: Martin Schulze
• [USN-64-1] xpdf, CUPS vulnerabilities
  • From: Martin Pitt
• [SECURITY] [DSA 650-1] New sword packages fix arbitrary command execution
  • From: Martin Schulze
• [CLA-2005:920] Conectiva Security Announcement - libtiff3
  • From: Conectiva Updates
• [USN-67-1] Squid vulnerabilities
  • From: Martin Pitt
• Multiple vulnerabilities in Konversation
  • From: Wouter Coekaerts
• MDKSA-2005:011 - Updated xine packages fix multiple vulnerabilities
  • From: Mandrake Linux Security Team
• Integrigy Security Advisory - High Risk Security Issues in the Oracle Database and Oracle Applications
  • From: Integrigy Security
• Re: Darwin Kernel Vulnerability
  • From: neil
• MDKSA-2005:009 - Updated mpg123 packages fix vulnerability
  • From: Mandrake Linux Security Team
• MDKSA-2005:010 - Updated playmidi packages fix buffer overflow vulnerability
  • From: Mandrake Linux Security Team
• STG Security Advisory: [SSA-20050120-24] GForge 3.x directory traversal vulnerability
  • From: advisory
• STG Security Advisory: [SSA-20050120-22] JSBoard file disclosure vulnerability
  • From: advisory
• [SECURITY] [DSA 649-1] New xtrlock packages fix authentication bypass
  • From: Martin Schulze
• God Admin Injection Vulnerability in Siteman 1.0.x
  • From: Pedram hayati
• OpenServer 5.0.6 OpenServer 5.0.7 : bind remote attacker can poison the nameserver cache
  • From: please_reply_to_security
• [ GLSA 200501-26 ] ImageMagick: PSD decoding heap overflow
  • From: Sune Kloppenborg Jeppesen
• [SECURITY] [DSA 652-1] New unarj packages fix several vulnerabilities
  • From: Martin Schulze
• UnixWare 7.1.3 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities
  • From: please_reply_to_security
• iDEFENSE Security Advisory 01.20.05: 3Com OfficeConnect Wireless 11g AP Information Disclosure Vulnerability
  • From: iDefense Customer Service
• [ GLSA 200501-27 ] Ethereal: Multiple vulnerabilities
  • From: Luke Macken
• SUSE Security Announcement: kernel local privilege escalation (SUSE-SA:2005:003)
  • From: Marcus Meissner
• Various Buffer Overflows in Oracle 10g Tools
  • From: Joxean Koret
• bug report comersus Back Office Lite 6.0 and 6.0.1
  • From: raf somers
• Mac OS X 10.3 iSync Privilege Escalation
  • From: Braden Thomas
• (MS05-002) Cursor and Icon Format Handling Vulnerability (PoC for all affected systems)
  • From: houseofdabus HOD
• Re: Advanced Guestbook
  • From: Stewart Souter
• PHRACK #63 CALL FOR PAPERS
  • From: rm
• Call for DEFCON Capture the Flag Organizers.
  • From: The Dark Tangent
• Re: Various Buffer Overflows in Oracle 10g Tools
  • From: David Litchfield
• [ GLSA 200501-29 ] Mailman: Cross-site scripting vulnerability
  • From: Luke Macken
• Arbitrary files overwriting through skins in DivX Player 2.6
  • From: Luigi Auriemma
• Microsoft NetDDE Service Unauthenticated Remote Buffer Overflow
  • From: NGSSoftware Insight Security Research
• ASH Hashing Algorithm
  • From: seasonedpaper
• [SECURITY] [DSA 653-1] New ethereal packages fix buffer overflow
  • From: Martin Schulze
• KDE Security Advisory: KOffice PDF Import Filter Vulnerability
  • From: Waldo Bastian
• Security Contact within RIM / Blackberry
  • From: Mark Litchfield
• [SECURITY] [DSA 654-1] New enscript packages fix several vulnerabilities
  • From: Martin Schulze
• KDE Security Advisory: Multiple vulnerabilities in Konversation
  • From: Waldo Bastian
• [ GLSA 200501-28 ] Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2
  • From: Thierry Carrez
• [ GLSA 200501-30 ] CUPS: Stack overflow in included Xpdf code
  • From: Thierry Carrez
• Siteman User Database Line Insertion Vulnerability
  • From: shoalie sefid
• RealVNC Contact
  • From: DSGM
• Re: Novell GroupWise WebAccess error modules loading
  • From: Jonathan Rockway
• Internet Explorer URL obfuscation.
  • From: Stewart, Graeme
• Netscape Overflow.
  • From: Carlos Ulver
• [KDE Security Advisory] kpdf Buffer Overflow Vulnerability
  • From: Dirk Mueller
• [ GLSA 200501-33 ] MySQL: Insecure temporary file creation
  • From: Luke Macken
• [ GLSA 200501-32 ] KPdf, KOffice: Stack overflow in included Xpdf code
  • From: Sune Kloppenborg Jeppesen
• Re: Internet Explorer URL obfuscation.
  • From: Berend-Jan Wever
• SUSE Security Announcement: Realplayer 8 (SUSE-SA:2005:004)
  • From: Marcus Meissner
• SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
  • From: 3APA3A
• Local buffer-overflow in W32Dasm 8.93
  • From: Luigi Auriemma
• Portcullis Security Advisory 05-002 Spectrum Cash Receipting System Weak Password Encryption
  • From: Paul J Docherty
• MDKSA-2005:012 - Updated zhcon packages fix vulnerability
  • From: Mandrake Linux Security Team
• Multiple vulnerabilities in MercuryBoard 1.1.1
  • From: Alberto Trivero
• English-language version of K-OTik.COM launched today !
  • From: K-OTiK Security
• iDEFENSE Security Advisory 01.24.05: DataRescue Interactive Disassembler Pro Buffer Overflow Vulnerability
  • From: iDefense Customer Service
• [ GLSA 200501-35 ] Evolution: Integer overflow in camel-lock-helper
  • From: Luke Macken
• MDKSA-2005:013 - Updated ethereal packages fix multiple vulnerabilities
  • From: Mandrake Linux Security Team
• [SECURITY] [DSA 657-1] New xine-lib packages fix arbitrary code execution
  • From: Martin Schulze
• logwatch and logrotate might create a blind spot in reporting
  • From: Sami Pitko
• [SECURITY] [DSA 656-1] New vdr packages fix insecure file access
  • From: Martin Schulze
• [SECURITY] [DSA 655-1] New zhcon packages fix unauthorised file access
  • From: Martin Schulze
• Vulnerabilities in eXponent 0.95
  • From: Ahmad Muammar
• MDKSA-2005:015 - Updated mailman packages fix vulnerabilities
  • From: Mandrake Linux Security Team
• MDKSA-2005:014 - Updated squid packages fix multiple vulnerabilities
  • From: Mandrake Linux Security Team
• [USN-68-1] enscript vulnerabilities
  • From: Martin Pitt
• Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
  • From: Michael Hampton
• [USN-69-1] Evolution vulnerability
  • From: Martin Pitt
• [ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilities
  • From: Thierry Carrez
• Re: ADVISORY: security hole (http response splitting) in snitz forums 2000
  • From: Harold Lines
• Re: "Local" and "Remote" considered insufficient
  • From: Frank Knobbe
• [USN-70-1] Perl DBI module vulnerability
  • From: Martin Pitt
• [CLA-2005:921] Conectiva Security Announcement - xpdf
  • From: Conectiva Updates
• [SECURITY] [DSA 658-1] New libdbi-perl packages fix insecure temporary file
  • From: Martin Schulze
• phpEventCalendar HTML injection
  • From: Madelman
• [ GLSA 200501-36 ] AWStats: Remote code execution
  • From: Luke Macken
• wifi AP + broadcoast ping
  • From: Miroslav Kubik
• OpenServer 5.0.6 OpenServer 5.0.7 : scosessoin local privilege elevation
  • From: please_reply_to_security
• OpenServer 5.0.6 OpenServer 5.0.7 : wu-ftp local users can bypass access restrictions
  • From: please_reply_to_security
• MDKSA-2005:022 - Updated cups packages fix multiple vulnerabilities
  • From: Mandrake Linux Security Team
• List of all admin accounts in phpBB
  • From: Predrag Damnjanovic
• MDKSA-2005:020 - Updated kdegraphics packages fix buffer overflow vulnerability
  • From: Mandrake Linux Security Team
• DMA[2005-0125a] - 'berlios gpsd format string vulnerability'
  • From: KF (Lists)
• MDKSA-2005:017 - Updated xpdf packages fix buffer overflow vulnerability
  • From: Mandrake Linux Security Team
• Cisco Security Advisory: Multiple Crafted IPv6 Packets Cause Reload
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Misformed BGP Packet Causes Reload
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Crafted Packet Causes Reload on Cisco Routers
  • From: Cisco Systems Product Security Incident Response Team
• UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : x.org possible local socket hijacking
  • From: please_reply_to_security
• [SECURITY] [DSA 660-1] New kdebase packages fix authentication bypass
  • From: Martin Schulze
• Re: [ GLSA 200501-36 ] AWStats: Remote code execution
  • From: Delian Krustev
• iDEFENSE Security Advisory 01.26.05: Openswan XAUTH/PAM Buffer Overflow Vulnerability
  • From: iDefense Customer Service
• Black Hat new content on-line & Registration now open for Asia and Europe.
  • From: Jeff Moss
• [SECURITY] [DSA 659-1] New libpam-radius-auth packages fix several vulnerabilities
  • From: Martin Schulze
• MDKSA-2005:016 - Updated gpdf packages fix buffer overflow vulnerability
  • From: Mandrake Linux Security Team
• MDKSA-2005:018 - Updated cups packages fix buffer overflow vulnerability
  • From: Mandrake Linux Security Team
• MDKSA-2005:019 - Updated koffice packages fix buffer overflow vulnerability
  • From: Mandrake Linux Security Team
• MDKSA-2005:021 - Updated tetex packages fix buffer overflow vulnerability
  • From: Mandrake Linux Security Team
• Multiple Vulnerabilities in Pocket IE
  • From: kers0r
• Re: List of all admin accounts in phpBB
  • From: Aaron Klein
• [CLA-2005:923] Conectiva Security Announcement - squid
  • From: Conectiva Updates
• Re: logwatch and logrotate might create a blind spot in reporting
  • From: The Tibetan Traveller
• HKLM locking
  • From: Vladimir Kraljevic
• NSFOCUS SA2005-01 : Buffer Overflow in WinAMP in_cdda.dll CDA Device Name
  • From: NSFOCUS Security Team
• Ingate Firewall: Removed PPTP tunnels not deactivated
  • From: Per Cederqvist
• DMA[2005-0127a] - 'Apple OSX batch family poor use of setuid'
  • From: KF (Lists)
• NOVL-2005-10096251 GroupWise WebAccess Error modules loading (report)
  • From: Ed Reed
• [Contact] Motorola broadband appliance team?
  • From: William A. Rowe, Jr.
• [SIG^2 G-TEC] Magic Winmail Server v4.0 Multiple Vulnerabilities
  • From: chewkeong
• UEBIMIAU <= 2.7.2 MULTIPLES VULNERABILITIES
  • From: Nash Leon
• [ GLSA 200501-38 ] Perl: rmtree and DBI tmpfile vulnerabilities
  • From: Thierry Carrez
• [ GLSA 200501-37 ] GraphicsMagick: PSD decoding heap overflow
  • From: Thierry Carrez
• [SECURITY] [DSA 661-1] New f2c packages fix insecure temporary files
  • From: Martin Schulze
• MDKSA-2005:024 - Updated evolution packages fix vulnerability
  • From: Mandrakelinux Security Team
• WarFTPD 1.82 RC9 DoS
  • From: MC.Iglo
• Multiple vulnerabilities in Alt-N WebAdmin <= 3.0.2
  • From: David Alonso Pérez
• [ GLSA 200501-39 ] SquirrelMail: Multiple vulnerabilities
  • From: Sune Kloppenborg Jeppesen
• WebWasher Classic - HTTP CONNECT weakness
  • From: Oliver Karow
• [OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl)
  • From: OpenPKG
• Re: UEBIMIAU <= 2.7.2 MULTIPLES VULNERABILITIES
  • From: pokley
• Multiple vulnerabilities in Icewarp Web Mail 5.3.0: New holes
  • From: ShineShadow
• Winamp Exploit (POC) 5.08 Stack Overflow
  • From: Rojodos
• RE: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
  • From: David LeBlanc
• Re: Unrestricted I/O access vulnerability in INCA Gameguard
  • From: David Roberts
• [ GLSA 200501-40 ] ngIRCd: Buffer overflow
  • From: Thierry Carrez
• Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
  • From: Damien Miller
• RE: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
  • From: David LeBlanc
• SquirrelMail Security Advisory
  • From: Jonathan Angliss
• Re: List of all admin accounts in phpBB
  • From: Paul Laudanski
• Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
  • From: Lee Dilkie
• XSS in Infinite Mobile Delivery v2.6 Webmail
  • From: steven