Mail Index

• Thread Index

• [ GLSA 200501-42 ] VDR: Arbitrary file overwriting issue
  • From: Thierry Carrez
• [ GLSA 200501-43 ] f2c: Insecure temporary file creation
  • From: Thierry Carrez
• [ GLSA 200501-44 ] ncpfs: Multiple vulnerabilities
  • From: Thierry Carrez
• WASC-Articles: "The 80/20 Rule for Web Application Security"
  • From: robert
• Security Bulletin - SSRT4875 rev.1 - HP Tru64 UNIX Java (TM) Technology Software Denial of Service (DoS)
  • From: Boren, Rich (SSRT)
• [ GLSA 200501-41 ] TikiWiki: Arbitrary command execution
  • From: Sune Kloppenborg Jeppesen
• drone armies C&C report - Jan/2005
  • From: Gadi Evron
• Re[2]: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
  • From: 3APA3A
• Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
  • From: Casper . Dik
• Broadcast crash in Xpand Rally 1.0.0.0
  • From: Luigi Auriemma
• [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability
  • From: Luke Macken
• Re: Winamp Exploit (POC) 5.08 Stack Overflow
  • From: Black Dot
• Re: iDEFENSE Security Advisory 01.24.05: DataRescue Interactive Disassembler Pro Buffer Overflow Vulnerability
  • From: dila
• [PersianHacker.net] Full Path Disclosure and PHP Injection In Pafiledb 3.1 Final
  • From: Pedram hayati
• Zyxel / Netgear and probably other routers leaking information.
  • From: Jens Kalvik
• New Whitepaper available on security best practices
  • From: Gunter Ollmann
• Re: [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability
  • From: Paul Laudanski
• MDKSA-2005:025 - Updated clamav packages fix vulnerability
  • From: Mandrakelinux Security Team
• [ GLSA 200501-46 ] ClamAV: Multiple issues
  • From: Sune Kloppenborg Jeppesen
• SAME LADY, DIFFERENT HAT: REELY
  • From: http-equiv@xxxxxxxxxx
• [ Security Bulletin] SSRT5900 rev.0 HP-UX TGA daemon remote Denial of Service (DoS)
  • From: Boren, Rich (SSRT)
• [USN-71-1] PostgreSQL vulnerability
  • From: Martin Pitt
• [SECURITY] [DSA 663-1] New prozilla packages fix arbitrary code execution
  • From: Martin Schulze
• [SECURITY] [DSA 662-1] New squirrelmail package fixes several vulnerabilities
  • From: Martin Schulze
• [ GLSA 200502-01 ] FireHOL: Insecure temporary file creation
  • From: Matthias Geerdsen
• Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues
  • From: Trog
• Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues
  • From: Dack
• Re:WinAmp POC: How to get 900+ shellcodespace!?
  • From: lists
• [SECURITY] [DSA 664-1] New cpio packages fix insecure file permissions
  • From: Martin Schulze
• Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues
  • From: Darren Bounds
• MDKSA-2005:028 - Updated ncpfs packages fix vulnerabilities
  • From: Mandrakelinux Security Team
• SQL injection in EveryDNS.net Service
  • From: Calum Power
• MDKSA-2005:026 - Updated imap packages fix authentication vulnerability
  • From: Mandrakelinux Security Team
• MDKSA-2005:027 - Updated chbg packages fix vulnerability
  • From: Mandrakelinux Security Team
• Limited buffer-overflow in Painkiller 1.35
  • From: Luigi Auriemma
• 7a69Adv#19 - ZipGenius unpack path disclosure
  • From: Albert Puigsech Galicia
• Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues
  • From: Trog
• [USN-72-1] Perl vulnerabilities
  • From: Martin Pitt
• [ GLSA 200502-03 ] enscript: Multiple vulnerabilities
  • From: Thierry Carrez
• [FLSA-2005:2255] Updated zip package fixes security issue
  • From: Marc Deslauriers
• [FLSA-2005:2272] Updated unarj package fixes security issue
  • From: Marc Deslauriers
• [ GLSA 200502-02 ] UW IMAP: CRAM-MD5 authentication bypass
  • From: Sune Kloppenborg Jeppesen
• 7a69Adv#20 - ZipGenius unpack one-folder path disclosure
  • From: Albert Puigsech Galicia
• [SIG^2 G-TEC] DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities
  • From: chewkeong
• 7a69Adv#21 - WinRAR unpack one-folder path disclosure
  • From: Albert Puigsech Galicia
• [FLSA-2005:2187] Updated freeradius packages fix security flaws
  • From: Marc Deslauriers
• Portcullis Advisory 05-005 Update, Webseries Payment Application
  • From: Paul J Docherty
• Portcullis Advisory 05-001 Update, Webseries Payment Application
  • From: Paul J Docherty
• Portcullis Advisory 05-006 Update, Webseries Payment Application
  • From: Paul J Docherty
• Portcullis Advisory 05-007 Update, Webseries Payment Application
  • From: Paul J Docherty
• Portcullis Advisory 05-008 Update, Webseries Payment Application
  • From: Paul J Docherty
• Gallery is still vulnerable to Cross-site Scripting attacks
  • From: Jon Keating
• Windows Security Checklists - 10 Parts
  • From: Paul Laudanski
• Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues
  • From: exon
• Portcullis Advisory 05-009 Update, Webseries Payment Application
  • From: Paul J Docherty
• Re[2]: WinAmp POC: How to get 900+ shellcodespace!?
  • From: Viktor E Larionov
• Google getting smarter ?!?!
  • From: John Madden
• [ GLSA 200502-04 ] Squid: Multiple vulnerabilities
  • From: Sune Kloppenborg Jeppesen
• Re: [Full-Disclosure] [ GLSA 200501-40 ] ngIRCd: Buffer overflow
  • From: qobaiashi
• SV: Zyxel / Netgear and probably other routers leaking information.
  • From: Jens Kalvik
• [ GLSA 200502-05 ] Newspost: Buffer overflow vulnerability
  • From: Luke Macken
• MDKSA-2005:029 - Updated vim packages fix vulnerabilities
  • From: Mandrakelinux Security Team
• New presentation: Advanced SQL Injection in Oracle databases
  • From: Esteban Martínez Fayó
• RE: Google getting smarter ?!?!
  • From: Scott Jacobson
• RE: SECURITEY.NNOV.RU NewsPost buffer overflow [EXPLOIT]
  • From: cybertronic
• ngIRCd <= v0.8.2 Format String Vulnerability
  • From: CoKi
• Python Security Advisory PSF-2005-001 - SimpleXMLRPCServer.py
  • From: Guido van Rossum
• DoS in LANChat Pro Revival 1.666c
  • From: Donato Ferrante
• [Linux kernel ipv6_setsockopt integer overflow]
  • From: qobaiashi
• [USN-73-1] Python vulnerability
  • From: Martin Pitt
• [ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4
  • From: laurent oudot
• Re: [Linux kernel ipv6_setsockopt integer overflow]
  • From: Dan Yefimov
• Wireless networks/Default Admin username security problem in Croatia
  • From: Radoslav Dejanović
• [SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access
  • From: Martin Schulze
• Exploit For Savant Web Server 3.1 (tested on win2003)
  • From: CorryL
• Input Validation Vulnerability in Apple Safari version 1.2.4 v125.12
  • From: Jonathan Rockway
• [SECURITY] [DSA 667-1] New PostgreSQL packages fix arbitrary library loading
  • From: Martin Schulze
• Re: [ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4
  • From: Denis Jedig
• Re: Squirrelmail vacation v0.15 local root exploit
  • From: p dont think
• [SECURITY] [DSA 667-1] New squid packages fix several vulnerabilities
  • From: Martin Schulze
• Webroot Software Resigns from COAST
  • From: Paul Laudanski
• Re: Input Validation Vulnerability in Apple Safari version 1.2.4 v125.12
  • From: Nicolas Gregoire
• Re: Wireless networks/Default Admin username security problem in Croatia
  • From: Denis Jedig
• Foxmail Server Remote Buffer Overflow Vulnerability
  • From: Xin Ouyang
• directory traversal in RaidenHTTPD 1.1.27
  • From: Donato Ferrante
• [PersianHacker.NET 200502-05] WWWoard passwd
  • From: Pedram Hayati
• [USN-74-2] Fixed Postfix packages for USN-74-1
  • From: Martin Pitt
• [USN-74-1] Postfix vulnerability
  • From: Martin Pitt
• [USN-75-1] cpio vulnerability
  • From: Martin Pitt
• Re: [USN-74-1] Postfix vulnerability
  • From: Wietse Venema
• [SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
  • From: Martin Schulze
• XSS Vulnerability at thefacebook.com
  • From: Jonathan Rockway
• VOIPSEC
  • From: VoIP Security Aliance
• New version of ike-scan (IPsec IKE scanner) available - v1.7
  • From: Roy Hills
• [OSX Finder] DS_Store arbitrary file overwrite vulnerability.
  • From: Vade 79
• DMA[2005-0131a] - 'Setuid Perl PERLIO_DEBUG root owned file creation'
  • From: KF (lists)
• Vulnerability in 3Com 3CServer v1.1
  • From: mandragore
• DMA[2005-0131b] - 'Setuid Perl PERLIO_DEBUG buffer overflow'
  • From: KF (lists)
• [USN-76-1] Emacs vulnerability
  • From: Martin Pitt
• [ GLSA 200502-07 ] OpenMotif: Multiple vulnerabilities in libXpm
  • From: Thierry Carrez
• [USN-77-1] Squid vulnerabilities
  • From: Martin Pitt
• Re: [Contact] Motorola broadband appliance team?
  • From: Grzegorz Cegielski
• [ GLSA 200502-06 ] LessTif: Multiple vulnerabilities in libXpm
  • From: Thierry Carrez
• iDEFENSE Security Advisory 02.07.05: SquirrelMail S/MIME Plugin Command Injection Vulnerability
  • From: iDefense Customer Service
• [Security Bulletin] HP Tru64 Unix Mozilla Application Suite 1.7.3 Remote Denial of Service (DoS)
  • From: Boren, Rich (SSRT)
• [ GLSA 200502-08 ] PostgreSQL: Local privilege escalation
  • From: Luke Macken
• OpenServer 5.0.6 OpenServer 5.0.7 : Vulnerabilities in long-lived TCP connections / Rose attack
  • From: please_reply_to_security
• Firedragging [Firefox 1.0]
  • From: mikx
• Fireflashing [Firefox 1.0]
  • From: mikx
• Firetabbing [Firefox 1.0]
  • From: mikx
• [SePro Bugtraq] SQL-Injection in PerlDesk 1.x
  • From: deluxe
• GMail / Google Groups ESMTP software b0f
  • From: Michal Zalewski
• UnixWare 7.1.4 : racoon multilple security issues
  • From: please_reply_to_security
• International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Brandon Kovacs
• CodeCon Reminder
  • From: Len Sassaman
• UnixWare 7.1.3 UnixWare 7.1.1 : Vulnerabilities in long-lived TCP connections / Rose attack
  • From: please_reply_to_security
• iDEFENSE Security Advisory 02.07.05: IBM AIX chdev Local Format String Vulnerability
  • From: iDefense Customer Service
• php-fusion 4.x vuln
  • From: thegreatone2176
• RE: International Domain Name [IDN] - browser-level fix (not network.enableIDN)
  • From: Scovetta, Michael V
• UnixWare 7.1.4 : vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands
  • From: please_reply_to_security
• CORE-2004-0819: MSN Messenger PNG Image Parsing Vulnerability
  • From: CORE Security Technologies Advisories
• AppleFileServer Denial of Service.
  • From: nemo
• OpenServer 5.0.6 OpenServer 5.0.7 : enable command line buffer overflows
  • From: please_reply_to_security
• iDEFENSE Security Advisory 02.08.05: IBM AIX auditselect Local Format String Vulnerability
  • From: iDefense Customer Service
• [SECURITY] [DSA 670-1] New emacs20 packages fix arbitrary code execution
  • From: Martin Schulze
• [SECURITY] [DSA 671-1] New xemacs21 packages fix arbitrary code execution
  • From: Martin Schulze
• [PersianHacker.NET 200502-05] WWWoard passwd
  • From: Andrew guess
• mailman email harvester
  • From: Bernhard Kuemel
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Jerome ATHIAS
• SafeNet SoftRemote VPN Client Issue: Clear-text password stored in memory
  • From: Roy Hills
• EEYE: Windows SMB Client Transaction Response Handling Vulnerability
  • From: Marc Maiffret
• Integer overflow and arbitrary files deletion in RealArcade 1.2.0.994
  • From: Luigi Auriemma
• [SIG^2 G-TEC] 602LAN SUITE Web Mail Vulnerability Allows File Upload to Arbitrary Directories
  • From: chewkeong
• [SCL-2005.002] - IDN Feature Workaround via proxy.pac
  • From: Scovetta, Michael V
• GREENAPPLE Release
  • From: Dave Aitel
• Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow Vulnerability
  • From: Rafel Ivgi
• MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit
  • From: ATmaCA ATmaCA
• Internet Explorer zone spoofing with encoded URLs
  • From: Jouko Pynnonen
• [ GLSA 200502-10 ] pdftohtml: Vulnerabilities in included Xpdf
  • From: Matthias Geerdsen
• MDKSA-2005:031 - Updated perl packages fix multiple vulnerabilities
  • From: Mandrakelinux Security Team
• [SIG^2 G-TEC] ArGoSoft Mail Server Webmail Multiple Directory Traversal Vulnerabilities
  • From: chewkeong
• [Security Bulletin] - SSRT4883 HP-UX ftpd remote privileged access
  • From: Boren, Rich (SSRT)
• Mercuryboard <= 1.1.1 Working Sql Injection
  • From: Zeelock
• Several SQL injection bugs in myPHP Forum v.1.0
  • From: foster GHC
• [ GLSA 200502-09 ] Python: Arbitrary code execution through SimpleXMLRPCServer
  • From: Thierry Carrez
• Some details about MS05-007 security bulletin
  • From: Jean-Baptiste Marchand
• RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit
  • From: Andrew Hunter
• RE: International Domain Name [IDN] - browser-level fix (not network.enableIDN)
  • From: R Dicaire
• RE: International Domain Name [IDN] support in modern browsers al lows attackers to spoof domain name URLs + SSL certs.
  • From: Randal, Phil
• CFP for SyScAN'05
  • From: organiser@xxxxxxxxxx
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Simon Ãstengaard
• Patch available for high risk IBM DB2 Universal Database flaw
  • From: NGSSoftware Insight Security Research
• Re: GMail / Google Groups ESMTP software b0f
  • From: Heather Adkins
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Will Kamishlian
• [SECURITY] [DSA 672-1] New xview packages fix potential arbitrary code execution
  • From: Martin Schulze
• SQL injection in Chipmunk forums
  • From: foster GHC
• Paper: Solution to Red Hat PIE Protection
  • From: Zarul Shahrin
• CMS Core SQL injection
  • From: foster GHC
• yet another DSL modem backdoor - Mentor (Conexant)
  • From: Adam Laurie
• [Security Bulletin] SSRT4861 rev.0 - HP-UX BIND9.2.0 remote Denial of Service (DoS)
  • From: Boren, Rich (SSRT)
• SUSE Security Announcement: squid (SUSE-SA:2005:006)
  • From: Thomas Biege
• Re: yet another DSL modem backdoor - Mentor (Conexant)
  • From: Philip Barnham
• iDEFENSE Security Advisory 02.10.05: IBM AIX lspath Local File Access Vulnerability
  • From: iDefense Customer Service
• [SECURITY] [DSA 674-1] New mailman packages fix several vulnerabilities
  • From: Martin Schulze
• Re: International Domain Name [IDN] support in modern browsers al lows attackers to spoof domain name URLs + SSL certs.
  • From: Marcin Sochacki
• [SECURITY] [DSA 673-1] New evolution packages fix arbitrary code execution as root
  • From: Martin Schulze
• iDEFENSE Security Advisory 02.10.05: IBM AIX netpmon Local Buffer Overflow Vulnerability
  • From: iDefense Customer Service
• Barracuda Spam Firewall <= 3.1.10 acts as open relay for whitelisted senders.
  • From: Sean Sosik-Hamor
• iDEFENSE Security Advisory 02.10.05: IBM AIX ipl_varyon Local Buffer Overflow Vulnerability
  • From: iDefense Customer Service
• [ GLSA 200502-11 ] Mailman: Directory traversal vulnerability
  • From: Sune Kloppenborg Jeppesen
• Re: iDEFENSE Security Advisory 02.07.05: IBM AIX chdev Local Format String Vulnerability
  • From: Shiva Persaud
• Re: iDEFENSE Security Advisory 02.08.05: IBM AIX auditselect Local Format String Vulnerability
  • From: Shiva Persaud
• [USN-78-1] Mailman vulnerability
  • From: Martin Pitt
• [FLSA-2005:1943] Updated libpng resolves security vulnerabilities
  • From: Dominic Hargreaves
• [FLSA-2005:1906] Updated abiword packages fix security issue
  • From: Dominic Hargreaves
• [SECURITY] [DSA 675-1] New hztty packages fix local utmp exploit
  • From: Martin Schulze
• [USN-79-1] PostgreSQL vulnerabilities
  • From: Martin Pitt
• Re: Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow Vulnerability
  • From: Derek Martin
• RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit
  • From: Thor Larholm
• RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit
  • From: Color Inc.
• secure-roster script to address mailman email harvester
  • From: Neal McBurnett
• Re: iDEFENSE Security Advisory 02.10.05: IBM AIX netpmon Local Buffer Overflow Vulnerability
  • From: Shiva Persaud
• Re: iDEFENSE Security Advisory 02.10.05: IBM AIX lspath Local File Access Vulnerability
  • From: Shiva Persaud
• HACKING WITH JAVASCRIPT
  • From: hictor ertd
• Symantec UPX Parsing Engine Heap Overflow
  • From: Neil Watson
• ASPjar guestbook (Injection in login page)
  • From: farhad koosha
• RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit
  • From: Andrew Hunter
• iDEFENSE Security Advisory 02.09.05: CA BrightStor ARCserve Backup v11 Discovery Service Remote Buffer Overflow
  • From: iDefense Customer Service
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Peter J. Holzer
• Re:iDEFENSE Security Advisory 02.10.05: IBM AIX ipl_varyon Local Buffer Overflow Vulnerability
  • From: Shiva Persaud
• Crashes and socket unreacheable in Armagetron Advanced 0.2.7.0
  • From: Luigi Auriemma
• UPDATE: [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability
  • From: Luke Macken
• TSLSA-2005-0003 - multi
  • From: Trustix Security Advisor
• [SECURITY] [DSA 678-1] New netkit-rwho packages fix denial of service
  • From: Martin Schulze
• MDKSA-2005:032 - Updated cpio packages fix vulnerability
  • From: Mandrakelinux Security Team
• MDKSA-2005:033 - Updated enscript packages fix multiple vulnerabilities
  • From: Mandrakelinux Security Team
• MDKSA-2005:034 - Updated squid packages fix multiple vulnerabilities
  • From: Mandrakelinux Security Team
• MDKSA-2005:035 - Updated python packages fix vulnerability
  • From: Mandrakelinux Security Team
• MDKSA-2005:036 - Updated MySQL packages fix temporary file vulnerability
  • From: Mandrakelinux Security Team
• Remotely Controlling XSS Attacks - Announcing XSS-Proxy
  • From: Rager, Anton (Anton)
• [SECURITY] [DSA 674-2] New mailman packages really fix several vulnerabilities
  • From: Martin Schulze
• insecure temporary file creation in kdelibs 3.3.2
  • From: Davide Madrisan
• Re: Symantec UPX Parsing Engine Heap Overflow
  • From: James Riden
• [SECURITY] [DSA 676-1] New xpcd packages fix arbitrary code execution as root
  • From: Martin Schulze
• [SECURITY] [DSA 677-1] New sympa packages fix potential arbitrary code execution
  • From: Martin Schulze
• [FLSA-2005:2188] Updated gaim package resolves security issues
  • From: Marc Deslauriers
• [USN-81-1] iptables vulnerability
  • From: Martin Pitt
• [USN-80-1] mod_python vulnerability
  • From: Martin Pitt
• [FLSA-2005:2352] Updated Xpdf package fixes security issues
  • From: Marc Deslauriers
• [FLSA-2005:2252] Updated iptables packages resolve security issues
  • From: Marc Deslauriers
• [FLSA-2005:2353] Updated gpdf package fixes security issues
  • From: Marc Deslauriers
• BrightStor ARCserve Backup buffer overflow PoC
  • From: cybertronic
• Re: HACKING WITH JAVASCRIPT
  • From: Cleiton Martins
• Re: HACKING WITH JAVASCRIPT
  • From: Jim Halfpenny
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Scott Gifford
• SYM05-003 Symantec UPX Parsing Engine Heap Overflow
  • From: secure
• Zone Labs Security Alert ZL05-01: Zone Labs IPC Instability
  • From: Zone Labs Product Security
• [ GLSA 200502-13 ] Perl: Vulnerabilities in perl-suid wrapper
  • From: Thierry Carrez
• [ GLSA 200502-12 ] Webmin: Information leak in Gentoo binary package
  • From: Thierry Carrez
• iDEFENSE Security Advisory 02.11.05: ZoneAlarm 5.1 Invalid Pointer Dereference Vulnerability
  • From: iDefense Customer Service
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Neil W Rickert
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Scott Gifford
• MDKSA-2005:032-1 - Updated cpio packages fix vulnerability
  • From: Mandrakelinux Security Team
• Symantec UPX issue solution
  • From: Roger A. Grimes
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Janusz A. Urbanowicz
• Re: [Full-Disclosure] Fireflashing [Firefox 1.0]
  • From: Jelmer Kuperus
• Re: Advanced Guestbook 2.2 -- SQL Injection Exploit
  • From: mary
• Infostring crash and shutdown in the Quake 3 engine
  • From: Luigi Auriemma
• exim auth_spa_server() PoC exploit
  • From: Yuri Gushin
• Re: BrightStor ARCserve Backup buffer overflow PoC
  • From: H D Moore
• [CLA-2005:924] Conectiva Security Announcement - XFree86
  • From: Conectiva Updates
• [SECURITY] [DSA 679-1] New toolchain-source package fixes insecure temporary files
  • From: Martin Schulze
• [SECURITY] [DSA 680-1] New htdig packages fix cross-site scripting vulnerability
  • From: Martin Schulze
• [ GLSA 200502-14 ] mod_python: Publisher Handler vulnerability
  • From: Sune Kloppenborg Jeppesen
• Re: BrightStor ARCserve Backup buffer overflow PoC
  • From: H D Moore
• RE: International Domain Name [IDN] support in modern browsers al lows attackers to spoof domain name URLs + SSL certs.
  • From: Michael Wojcik
• [ GLSA 200502-16 ] ht://Dig: Cross-site scripting vulnerability
  • From: Luke Macken
• [ GLSA 200502-15 ] PowerDNS: Denial of Service vulnerability
  • From: Matthias Geerdsen
• [SECURITY] [DSA 681-1] New synaesthesia packages fix unauthorised file access
  • From: Martin Schulze
• AWStats <= 6.4 Multiple vulnerabilities
  • From: [ru]@securityfocus.com@www.securityfocus.com
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: David Schwartz
• Credit Card Phishing with executable download
  • From: Gandalf The White
• eBay Account Phishing with eBay Redirect
  • From: Steven
• vbulletin 3.0.x PHP code execution
  • From: AL3NDALEEB
• Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185
  • From: James Lay
• [NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities
  • From: John Cobb
• Re: eBay Account Phishing with eBay Redirect
  • From: Josh Tolley
• [ GLSA 200502-17 ] Opera: Multiple vulnerabilities
  • From: Sune Kloppenborg Jeppesen
• [ GLSA 200502-19 ] PostgreSQL: Buffer overflows in PL/PgSQL parser
  • From: Sune Kloppenborg Jeppesen
• [SECURITY] [DSA 683-1] New postgresql packages fix arbitrary code execution
  • From: Martin Schulze
• ASPjar Guestbook login.asp not official patch
  • From: CorryL
• Re: AWStats <= 6.4 Multiple vulnerabilities
  • From: Ondra Holecek
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Vincent Archer
• [SECURITY] [DSA 682-1] New awstats packages fix arbitrary command execution
  • From: Martin Schulze
• Re: eBay Account Phishing with eBay Redirect
  • From: Nick FitzGerald
• Re: vbulletin 3.0.x PHP code execution
  • From: pokley
• MDKSA-2005:037 - Updated mailman packages fix directory traversal vulnerability
  • From: Mandrakelinux Security Team
• Re: eBay Account Phishing with eBay Redirect
  • From: Jonathan Rockway
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: bkfsec
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
  • From: Jamie Pratt
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
  • From: Ondra Holecek
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Gwendolynn ferch Elydyr
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Thor (Hammer of God)
• IE6 SP1 - Click N Crash
  • From: ViPeR
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: bkfsec
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: bkfsec
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
  • From: Herman Sheremetyev
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Sebastian
• RE: eBay Account Phishing with eBay Redirect
  • From: Thomas T. Evans, III
• Re: eBay Account Phishing with eBay Redirect
  • From: Jay Calvert
• Re: IE6 SP1 - Click N Crash is old news
  • From: Berend-Jan Wever
• RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 Correction
  • From: James Lay
• Scottrader Application Exploit
  • From: Ben Efros
• Scottsave.com Trade History Exploit
  • From: Ben Efros
• [NOBYTES.COM: #3] osCommerce 2.2-MS2 - XSS Vulnerability
  • From: John Cobb
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
  • From: Ondra Holecek
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
  • From: Jeffrey Wilkinson
• RE: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
  • From: William Pratt
• RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185
  • From: Threlkeld, Richard
• RE: eBay Account Phishing with eBay Redirect
  • From: Israel Torres
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
  • From: twebster
• RE: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer no t seeing KB887742 and KB886185
  • From: Randal, Phil
• XSS in MySpace.com RuWeb.net and Primus.com
  • From: Chris
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
  • From: Jamie Pratt
• [Full Disclosure] Using DHTML XSS to launch HHCTRL exploit
  • From: Valentin Avram
• [CLA-2005:925] Conectiva Security Announcement - evolution
  • From: Conectiva Updates
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
  • From: Thom Craver
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Thor (Hammer of God)
• Re: vbulletin 3.0.x PHP code execution
  • From: AL3NDALEEB.
• Re: BrightStor ARCserve Backup buffer overflow PoC
  • From: Williams, James K
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: George Capehart
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
  • From: K-OTiK Security
• MDKSA-2005:038 - Updated emacs/xemacs packages fix vulnerability
  • From: Mandrakelinux Security Team
• [KDE Security Advisory] Buffer overflow in fliccd of kdeedu/kstars/indi
  • From: Dirk Mueller
• [hackgen-2005-#003] - SQL injection bugs in DCP-Portal
  • From: Exoduks
• [KDE Security Advisory] Buffer overflow in fliccd of kdeedu/kstars/indi
  • From: Dirk Mueller
• [ GLSA 200502-22 ] wpa_supplicant: Buffer overflow vulnerability
  • From: Matthias Geerdsen
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Janusz A. Urbanowicz
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: bkfsec
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Gwendolynn ferch Elydyr
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: bkfsec
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Gwendolynn ferch Elydyr
• xprobe2 v0.2.2 released
  • From: Ofir Arkin
• [ GLSA 200502-23 ] KStars: Buffer overflow in fliccd
  • From: Sune Kloppenborg Jeppesen
• UPDATE: [ GLSA 200501-36 ] AWStats: Remote code execution
  • From: Thierry Carrez
• [ GLSA 200502-18 ] VMware Workstation: Untrusted library search path
  • From: Thierry Carrez
• Advisory: Cross Site Scripting Vulnerability in Openconf Conference Management Software
  • From: Maximillian Dornseif
• Blind Sql-Injection in MySQL Databases
  • From: Zeelock
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: David Schwartz
• [USN-82-1] Linux kernel vulnerabilities
  • From: Martin Pitt
• [ GLSA 200502-20 ] Emacs, XEmacs: Format string vulnerabilities in movemail
  • From: Thierry Carrez
• [ GLSA 200502-21 ] lighttpd: Script source disclosure
  • From: Thierry Carrez
• [SECURITY] [DSA 684-1] New typespeed packages fix arbitrary group games code execution
  • From: Martin Schulze
• RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 Correction
  • From: Joe Granto
• Re: vbulletin 3.0.x PHP code execution
  • From: pokley
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: David Schwartz
• [USN-83-1] LessTif 2 vulnerabilities
  • From: Martin Pitt
• SHA-1 broken
  • From: Gadi Evron
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Bill Brown
• Update Your Bookmarks
  • From: Amit Klein (AKsecurity)
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
  • From: Micah Brandon
• Re: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185
  • From: Thor (Hammer of God)
• [Security Bulletin] SSRT5893 rev.0 - HP Web-enabled Management Software Remote Buffer Overflow
  • From: Boren, Rich (SSRT)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: bkfsec
• RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 Correction
  • From: Threlkeld, Richard
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: lyal.collins
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Seth Breidbart
• [PersianHacker.NET 200505-06] paNews v2.0b4 XSS Vulnerability
  • From: PersianHacker Team
• NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+
  • From: TAC
• Re: SHA-1 broken
  • From: Kent Borg
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Benjamin Franz
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Stefan Paletta
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Stefan Paletta
• RE: BrightStor ARCserve Backup buffer overflow PoC (fix available)
  • From: Williams, James K
• Re: SHA-1 broken
  • From: Michael Cordover
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Nick FitzGerald
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: David Schwartz
• Re: SHA-1 broken
  • From: Robert Sussland
• Re: SHA-1 broken
  • From: Steve Friedl
• XSS vulnerabilty in ASP.Net [with details]
  • From: Andir Andir
• RE: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
  • From: Michael Scheidell
• MDKSA-2005:039 - Updated rwho packages fix vulnerability
  • From: Mandrakelinux Security Team
• Re: xprobe2 v0.2.2 released
  • From: Stan Bubrouski
• RECON 2005 CFP [Montreal, Canada]
  • From: dataworm
• [ GLSA 200502-24 ] Midnight Commander: Multiple vulnerabilities
  • From: Sune Kloppenborg Jeppesen
• Invision Power Boards 1.3.1 FINAL XSS Exploit
  • From: Daniel A.
• Dangers of discarding duplicated messages
  • From: Adrian Bunk
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
  • From: Matt Wilder
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: bkfsec
• RE: BrightStor ARCserve Backup buffer overflow PoC (fixes available)
  • From: Williams, James K
• [ SCL-2005.001 ] - WebCalendar: SQL Injection from encoded cookie
  • From: Scovetta Labs
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Ron DuFresne
• Re: Permission problem in Skype BETA for linux
  • From: Peter Conrad
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Thor (Hammer of God)
• Remote Windows Kernel Exploitation - Step Into the Ring 0
  • From: Marc Maiffret
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Vincent Archer
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Tosoni
• [PersianHacker.NET 200505-07] paFAQ Beta4 Sql Injection
  • From: PersianHacker Team
• Possible phpBB <=2.0.11 bug or sql injection?
  • From: jtm297
• [SECURITY] [DSA 685-1] New emacs21 packages fix arbitrary code execution
  • From: Martin Schulze
• Advisory: Multiple Vulnerabilities in BibORB
  • From: Patrick Hof
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: bkfsec
• Re: SHA-1 broken
  • From: Jonathan G. Lampe
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: bkfsec
• [SECURITY] [DSA 686-1] New gftp packages fix directory traversal vulnerability
  • From: Martin Schulze
• hpm_guestbook.cgi JavaScript-Injection
  • From: Christoph Burchert
• iDEFENSE Labs Website Launch
  • From: iDEFENSE Labs
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: David Schwartz
• Re: IE6 SP1 - Click N Crash
  • From: Robert ONeal
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: bkfsec
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: David Schwartz
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: bkfsec
• Phishing hole found in IE and OE
  • From: Jay Calvert
• RE: SHA-1 broken
  • From: Scovetta, Michael V
• [USN-78-2] Fixed mailman packages for USN-78-1
  • From: Martin Pitt
• [USN-66-2] PHP vulnerability
  • From: Martin Pitt
• Re: NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+
  • From: Vade 79
• Re: SHA-1 broken
  • From: dullien
• Re: SHA-1 broken
  • From: dullien
• MDKSA-2005:043 - Updated xpdf packages fix vulnerabilities on 64 bit platforms
  • From: Mandrakelinux Security Team
• Re: Possible phpBB <=2.0.11 bug or sql injection?
  • From: Exoduks
• Re: Dangers of discarding duplicated messages
  • From: Maciej Soltysiak
• MDKSA-2005:042 - Updated gpdf packages fix vulnerabilities on 64 bit platforms
  • From: Mandrakelinux Security Team
• RE: SHA-1 broken
  • From: Michael Silk
• BizMail 2.1 Spam Exploit
  • From: Jason Frisvold
• [SECURITY] [DSA 687-1] New bidwatcher packages fix format string vulnerability
  • From: Martin Schulze
• [ GLSA 200502-26 ] GProFTPD: gprostats format string vulnerability
  • From: Sune Kloppenborg Jeppesen
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Rainer Duffner
• 3com 3CDaemon FTP "USER" Remote BOverflow POC
  • From: Hat-Squad Security Team
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
  • From: Riccardo Murri
• Re: SHA-1 broken
  • From: D.J. Capelis
• Re: Phishing hole found in IE and OE
  • From: Greg Merideth
• RE: Possible phpBB <=2.0.11 bug or sql injection?
  • From: Miguel Angel Rodríguez Jódar
• Re: Phishing hole found in IE and OE
  • From: David Nichols
• Adobe Reader invalid root page node Count value DOS
  • From: Hongzhen Zhou
• Combining Hashes
  • From: Kent Borg
• MDKSA-2005:045 - Updated kdelibs packages fix vulnerabilities
  • From: Mandrakelinux Security Team
• Multiple vulnerabilities in TrackerCam 5.12
  • From: Luigi Auriemma
• Re: SHA-1 broken
  • From: Michael Silk
• Re: SHA-1 broken
  • From: Dan Harkless
• MDKSA-2005:044 - Updated tetex packages fix vulnerabilities on 64 bit platforms
  • From: Mandrakelinux Security Team
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
  • From: newbug Tseng
• [ GLSA 200502-25 ] Squid: Denial of Service through DNS responses
  • From: Sune Kloppenborg Jeppesen
• MDKSA-2005:041 - Updated cups packages fix vulnerabilities on 64 bit platforms
  • From: Mandrakelinux Security Team
• Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins
  • From: headpimp
• MDKSA-2005:040 - Updated PostgreSQL packages fix multiple vulnerabilities
  • From: Mandrakelinux Security Team
• Joint encryption?
  • From: John Richard Moser
• Re: SHA-1 broken
  • From: dullien
• Re: SHA-1 broken
  • From: Darren Reed
• Multiples vulnerability in ZeroBoard,
  • From: albanian haxorz
• Re: Joint encryption?
  • From: John Richard Moser
• [ GLSA 200502-27 ] gFTP: Directory traversal vulnerability
  • From: Matthias Geerdsen
• Re: Joint encryption?
  • From: Damian Menscher
• [FLSA-2005:2137] Updated cyrus-sasl resolves security vulnerabilities
  • From: Dominic Hargreaves
• exwormshoucast part of PTjob project: SHOUTcast v1.9.4 remote exploit
  • From: yan feng
• Re: Phishing hole found in IE and OE
  • From: cyberpixl
• Re: SHA-1 broken
  • From: Tollef Fog Heen
• Thomson TCW690 POST Password Validation Vulnerability
  • From: MurDoK
• [Hat-Squad] Findjmp2 Tool
  • From: Hat-Squad Security Team
• 3com 3CDaemon FTP Unauthorized "USER" Remote BOverflow
  • From: class 101
• webfsd fun. opensource is god .lol windows
  • From: yan feng
• cfengine rsa heap remote exploit: part of PTjob project
  • From: yan feng
• Re: Joint encryption?
  • From: Casper . Dik
• Re: Joint encryption?
  • From: devnull
• Re: Possible phpBB <=2.0.11 bug or sql injection?
  • From: kaosone+[ONE]+
• Re: Combining Hashes
  • From: unmanarc
• Re: [lists] Combining Hashes
  • From: Elliott Bäck
• Re: Joint encryption?
  • From: John Richard Moser
• Re: Joint encryption?
  • From: John Richard Moser
• Re: SHA-1 broken
  • From: Michael Silk
• Re: SHA-1 broken
  • From: Anatole Shaw
• Re: SHA-1 broken
  • From: securityfocus
• Re: Dangers of discarding duplicated messages
  • From: Jon Keating
• Re: Combining Hashes
  • From: Felix Cuello
• Knox Arkeia remote root/system exploit
  • From: John Doe
• Re: SHA-1 broken
  • From: exon
• Re: SHA-1 broken
  • From: Brian May
• Re: [Full-Disclosure] Thomson TCW690 Denial Of Service Vulnerability
  • From: Andres Tarasco
• Re: Possible phpBB <=2.0.11 bug or sql injection?
  • From: Giacomo Rizzo
• Re: Dangers of discarding duplicated messages
  • From: Gene Rackow
• Re: Dangers of discarding duplicated messages
  • From: David F. Skoll
• Re: SHA-1 broken
  • From: Michael Cordover
• Re: Combining Hashes
  • From: exon
• [SECURITY] [DSA 674-3] New mailman packages really fix several vulnerabilities
  • From: Martin Schulze
• Arkeia Network Backup Client Remote Access
  • From: H D Moore
• Re: Knox Arkeia remote root/system exploit
  • From: H D Moore
• Re: Combining Hashes
  • From: Ivan Krstic
• Re: SHA-1 broken
  • From: Michael Silk
• Gigafast/CompUSA router (model EE400-R) vulnerabilities
  • From: Gary H. Jones II
• Re: Joint encryption?
  • From: Robert C. Helling
• ADP Elite System Max 9000 Series Login Vulnerability
  • From: rootfiend
• Re: SHA-1 broken
  • From: exon
• Windows Firewall Has A Backdoor
  • From: Jay Calvert
• [USN-84-1] Squid vulnerabilities
  • From: Martin Pitt
• [FLSA-2005:2058] Updated cdrtools packages fix a security issue
  • From: Marc Deslauriers
• [FLSA-2005:1945] Updated sox packages fix buffer overflows
  • From: Marc Deslauriers
• [FLSA-2005:1944] GNOME VFS updates address extfs vulnerability
  • From: Marc Deslauriers
• Re: Combining Hashes
  • From: Frank Knobbe
• RE: SHA-1 broken
  • From: Frank Knobbe
• Re: Joint encryption?
  • From: Gandalf The White
• RE: Joint encryption?
  • From: David Schwartz
• Re: SHA-1 broken
  • From: Paul Johnston
• Re: Joint encryption?
  • From: John Richard Moser
• Re: SHA-1 broken
  • From: peeon+securityfocus
• Re: Joint encryption?
  • From: peter zulu
• Re: Joint encryption?
  • From: Valdis . Kletnieks
• Re: SHA-1 broken
  • From: Denis Jedig
• Re: Windows Firewall Has A Backdoor
  • From: Chris Wysopal
• Re: Joint encryption?
  • From: Ruud H.G. van Tol
• Re: SHA-1 broken
  • From: Damian Menscher
• Re: Joint encryption?
  • From: John Richard Moser
• [ GLSA 200502-28 ] PuTTY: Remote code execution
  • From: Luke Macken
• RE: Windows Firewall Has A Backdoor
  • From: Chris Goodwin
• iDEFENSE Security Advisory 02.21.05: Multiple PuTTY SFTP Client Packet Parsing Integer Overflow Vulnerabilities
  • From: iDEFENSE Labs
• iDEFENSE Security Advisory 02.21.05: Multiple Unix/Linux Vendor cURL/libcURL NTLM Authentication Buffer Overflow Vulnerability
  • From: iDEFENSE Labs
• iDEFENSE Security Advisory 02.21.05: Multiple Unix/Linux Vendor cURL/libcURL Kerberos Authentication Buffer Overflow Vulnerability
  • From: iDEFENSE Labs
• Re: SHA-1 broken
  • From: Peter J. Holzer
• Re: SHA-1 broken
  • From: Peter Jeremy
• phpBB 2.0.12 released
  • From: Snapdragon
• Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability
  • From: m123303
• Re: Arkeia Network Backup Client Remote Access
  • From: Vincent Archer
• iDEFENSE Security Advisory 02.22.05: phpBB Group phpBB Arbitrary File Disclosure Vulnerability
  • From: iDEFENSE Labs
• Re: Arkeia Network Backup Client Remote Access
  • From: H D Moore
• Re: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability
  • From: grutz
• SD Server 4.0.70 Directory Traversal Bug
  • From: CorryL
• [NOBYTES.COM: #5] iGeneric eShop 1.2 - Information Disclosure & Possible SQL Injection
  • From: John Cobb
• Re: Windows Firewall Has A Backdoor
  • From: Thor (Hammer of God)
• RE: Windows Firewall Has A Backdoor
  • From: Thor Larholm
• Re: Combining Hashes
  • From: Joel Maslak
• The WebConnect 6.4.4 and 6.5 contains several vulnerabilities
  • From: CIRT Advisory
• [SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection
  • From: pokley
• paNews v2.0b4 - PHP Injection
  • From: tjomka
• Cross Site Scripting exploitation via malformed files
  • From: Jerome ATHIAS
• iDEFENSE Security Advisory 02.22.05: phpBB Group phpBB2 Arbitrary File Unlink Vulnerability
  • From: iDEFENSE Labs
• Software PBLang 4.65 search.php XSS vulnerability
  • From: Raven
• Software PBLang 4.65 pmpshow.php XSS vulnerability
  • From: Raven
• Software PBLang 4.65 pm.php XSS vulnerability
  • From: Raven
• Re: Arkeia Network Backup Client Remote Access
  • From: Arnaud Spicht
• Re: Knox Arkeia remote root/system exploit
  • From: Arnaud Spicht
• Re: Cross Site Scripting exploitation via malformed files
  • From: http-equiv@xxxxxxxxxx
• Re: phpBB 2.0.12 released
  • From: bcl
• [SECURITY] [DSA 688-1] New squid packages fix denial of service
  • From: Martin Schulze
• [SECURITY] [DSA 689-1] New mod_python packages fix information leak
  • From: Martin Schulze
• Incorrect Classification of iDownload's Product as Spyware...
  • From: Paul Laudanski
• [ GLSA 200502-29 ] Cyrus IMAP Server: Multiple overflow vulnerabilities
  • From: Matthias Geerdsen
• Robustness patch for TWiki, vulnerability in ImageGalleryPlugin
  • From: Florian Weimer
• Release of Arkeia Network Backup 5.3.5 fixes security issue [bugtraq id 12594]
  • From: Arnaud Spicht
• [Fwd: [arkeia-announce] Release of Arkeia Network Backup 5.3.5 fixes security issue]
  • From: Maciej Bogucki
• Office 10 applications & flashdrives can be used to browse restricted drives
  • From: Discini, Sonny
• RE: Incorrect Classification of iDownload's Product as Spyware...
  • From: Roger A. Grimes
• Multiple vulnerabilities found in CSGuestbook by CoolSerlets.com
  • From: Josh884
• RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability
  • From: Walton, John Michael (John)
• iDEFENSE Security Advisory 02.23.05: Sun Solaris kcms_configure Arbitrary File Corruption Vulnerability
  • From: iDEFENSE Labs
• Re: phpBB 2.0.12 released
  • From: bcl
• Cisco Security Advisory: ACNS Denial of Service and Default Admin Password Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• [Security Bulletin] SSRT4694 HP-UX ftpd remote unauthorized access
  • From: Boren, Rich (SSRT)
• In-game cl_guid crash in Soldier of Fortune II 1.03
  • From: Luigi Auriemma
• RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability
  • From: PASTOR ADRIAN
• Multiple vulns in punBB
  • From: John Gumbel
• MDKSA-2005:046 - Updated uim packages fix vulnerability
  • From: Mandrakelinux Security Team
• MDKSA-2005:047 - Updated squid packages fix vulnerability
  • From: Mandrakelinux Security Team
• [FLSA-2005:2043] Updated zlib package fixes security issues
  • From: Marc Deslauriers
• [FLSA-2005:2343] Updated vim packages fix security issues
  • From: Marc Deslauriers
• phpWebSite-0.10.0_exploit
  • From: tjomka
• [FLSA-2005:2005] Updated gdk-pixbuf packages fix security flaws
  • From: Marc Deslauriers
• [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4
  • From: Maksymilian Arciemowicz
• phpWebSite 0.10.0 Full Path disclosure
  • From: HaCkZaTaN.
• phpWebSite 0.10.0 Full Path disclosure
  • From: HaCkZaTaN
• Firescrolling [Firefox 1.0]
  • From: mikx
• [SECURITY] [DSA 690-1] New bsmtpd packages fix arbitrary command execution
  • From: Martin Schulze
• Announce: RSBAC v1.2.4 released
  • From: Amon Ott
• CFP: WORM 2005
  • From: David Moore
• AW: phpWebSite-0.10.0_exploit
  • From: webmaster
• Re: Office 10 applications & flashdrives can be used to browse restricted drives
  • From: Denis Jedig
• [FLSA-2005:2336] Updated kernel packages fix security issues
  • From: Marc Deslauriers
• [USN-85-1] Gaim vulnerabilities
  • From: Martin Pitt
• RE: Firescrolling [Firefox 1.0]
  • From: Beauford, Jason
• iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability
  • From: iDEFENSE Labs
• RE: Firescrolling [Firefox 1.0]
  • From: Eric McCarty
• CIS WebServer Directory Traversal Bug
  • From: CorryL
• Re: iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability
  • From: Stan Bubrouski
• Re: Firescrolling [Firefox 1.0]
  • From: btrq
• -==phpBB 2.0.12 Full path disclosure==-
  • From: HaCkZaTaN
• Re: [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion
  • From: Calum Power
• Knet <= 1.04c Buffer Overflow Bug
  • From: CorryL
• Re: Office 10 applications & flashdrives can be used to browse restricted drives
  • From: Paul
• [ GLSA 200502-30 ] cmd5checkpw: Local password leak vulnerability
  • From: Thierry Carrez
• Mozilla Firefox 1.0.1 Javascript Images are Draggable
  • From: Paul
• Re: Firescrolling [Firefox 1.0]
  • From: Stan Bubrouski
• Re: Mozilla Firefox 1.0.1 Javascript Images are Draggable
  • From: Jay D. Dyson
• Re: Office 10 applications & flashdrives can be used to browse restricted drives
  • From: Jay D. Dyson