Mail Thread Index
- [CLA-2005:945] Conectiva Security Announcement - kernel,
Conectiva Updates
- [SECURITY] [DSA 701-1] New samba packages fix arbitrary code execution,
Martin Schulze
- bzip2 TOCTOU file-permissions vulnerability,
Imran Ghory
- Re: DoS of LAN via D-Link switches,
Joel Maslak
- cPanel/WHM demo account problems,
Richard Stanway
- Vendor Response to Portcullis Advisory 05-002: Spectrum Cash Receipting System,
Paul J Docherty
- Re: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS,
Chris Paget
- [ GLSA 200503-36 ] netkit-telnetd: Buffer overflow,
Thierry Carrez
- MDKSA-2005:064 - Updated libexif packages fix vulnerability,
Mandrakelinux Security Team
- [ GLSA 200503-37 ] LimeWire: Disclosure of sensitive information,
Thierry Carrez
- MX Shop 1.1.1 and MX Kart 1.1.2 are vulnerable to multiple SQL injection vulnerabilities,
dcrab
- MDKSA-2005:062 - Updated ipsec-tools packages fix vulnerability,
Mandrakelinux Security Team
- Bay Technical Associates telnet server logon bypass,
nolimit bugtraq
- MDKSA-2005:063 - Updated htdig packages fix vulnerability,
Mandrakelinux Security Team
- RE: eBay Account Phishing with eBay Redirect - Ebay fixed this + related XSS hole,
Rager, Anton (Anton)
- WindowsXP malformed .wmf files DoS,
liquid
- RE: Invision Power Board v2.0.3 XSS vulnerabilities,
alex
- (PAPER) "Vision of danger: The Firefox Greasemonkey",
Piotr Bania
- [HV-HIGH] Microsoft Jet DB engine vulnerabilities,
vuln
- Reverse shell using netcat on AS/400,
Shalom Carmel
- Security holes in the iTunes Music Store,
Charles M. Hannum
- [SECURITY] [DSA 703-1] New krb5 packages fix arbitrary code execution,
Martin Schulze
- [SECURITY] [DSA 702-1] New ImageMagick packages fix several vulnerabilities,
Martin Schulze
- iDEFENSE Security Advisory 03.31.05: PHP getimagesize() Multiple Denial of Service Vulnerabilities,
iDEFENSE Labs
- [Hat-Squad Advisory] Bakbone NetVault Heap overflow Vulnerabilities,
Hat-Squad Security Team
- Buffer Overflow within the RUMBA product,
Bahaa Naamneh
- [USN-103-1] Linux kernel vulnerabilities,
Martin Pitt
- DMA[2005-0401a] - 'IVT BlueSoleil Directory Transversal',
KF (Lists)
- (Paper) Programming: The Heart of Web Security,
Sumy
- Solaris 10 Containers / Zones Security Flaw,
jim allan
- Information leak in the Linux kernel ext2 implementation,
Arkoon Security Team
- multiple remote denial of service vulnerabilities in Gaim,
Jean-Yves Lefort
- [ GLSA 200504-01 ] telnet-bsd: Multiple buffer overflows,
Thierry Carrez
- In-game players kicking in the Quake 3 engine,
Luigi Auriemma
- In-game server buffer-overflow in Jedi Academy 1.011,
Luigi Auriemma
- In-game server crash in Call of Duty 1.5b and United Offensive 1.51b,
Luigi Auriemma
- RE: Microsoft Windows Server 2003 "Shell Folders" Directory Traversal Vulnerability,
Eiji James Yoshida
- MDKSA-2005:066 - Updated grip packages fix vulnerability,
Mandrakelinux Security Team
- MDKSA-2005:065 - Updated ImageMagick packages fix multiple vulnerabilities,
Mandrakelinux Security Team
- AlstraSoft EPay Pro v2.0 has file include and multiple xss vulnerabilities,
dcrab
- How to write remote exploits ( V. 1.1),
Sumy
- Yet Another Forum.net XSS vulnerabilities,
maty siman
- [ GLSA 200504-02 ] Sylpheed, Sylpheed-claws: Buffer overflow on message display,
Thierry Carrez
- SUSE Security Announcement: kernel local privilege escalation (SUSE-SA:2005:021),
Marcus Meissner
- Local buffer overflow on Aeon<=0.2a,
patr0n
- Microsoft Windows Internet Name Service (WINS) Remote Heap Overflow Exploit,
class101@xxxxxxxxxxxxx
- possible privilege escalation on Sco OpenServer 5.0.7,
pasquale minervini
- [SECURITY] [DSA 705-1] New wu-ftpd packages fix denial of service,
Martin Schulze
- [SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12,
Maksymilian Arciemowicz
- Full path disclosure and XSS in PHPNuke,
SecurityReason
- [SECURITY] [DSA 704-1] New remstats packages fix several vulnerabilities,
Martin Schulze
- ArGoSoft FTP Server is still vuln + PoC exploit code (IHSTeam),
c0d3r
- SonicWALL SOHO/10 - XSS vulnerability,
Oliver Karow
- [CLA-2005:946] Conectiva Security Announcement - MySQL,
Conectiva Updates
- [USN-104-1] unshar vulnerability,
Martin Pitt
- [ GLSA 200504-03 ] Dnsmasq: Poisoning and Denial of Service vulnerabilities,
Thierry Carrez
- Disclosure of AS/400 user accounts via the FTP server,
Shalom Carmel
- phpMyAdmin Cross-site Scripting Vulnerability,
Oriol Torrent Santiago
- RE: PayPal "security" measures,
McAllister, Andrew
- Authentication bypass, Directory transversal and XSS vulnerabilities in PayProCart 3.0 - Profitcode Software,
dcrab
- gzip TOCTOU file-permissions vulnerability,
Imran Ghory
- SQL INJECTION in LinksLinks Pro. PHPBB Mod.,
rock master
- Logics Software BS2000 Host to Web Client ALL PLATFORMS,
Román Ramírez
- [SECURITYREASON.COM] Full path disclosure and XSS in PHPNuke part 3,
sp3x
- FreeBSD Security Advisory FreeBSD-SA-05:02.sendfile,
FreeBSD Security Advisories
- Sandboxed browsing and authentication credentials,
Max Moser
- TSLSA-2005-0011 - kernel,
Trustix Security Advisor
- iDEFENSE Labs Releases OllyDbg Breakpoint Manager,
iDEFENSE Labs
- SQL INJECTION in DLMan Pro. PHPBB Mod.,
rock master
- [USN-105-1] PHP4 vulnerabilities,
Martin Pitt
- [USN-106-1] Gaim vulnerabilities,
Martin Pitt
- [USN-107-1] racoon vulnerability,
Martin Pitt
- Sybase ASE Multiple Security Issues (#NISR05042005),
NGSSoftware Insight Security Research
- [OpenPKG-SA-2005.005] OpenPKG Security Advisory (imapd),
OpenPKG
- iDEFENSE Security Advisory 04.05.05: Computer Associates eTrust Intrusion Detection System CPImportKey DoS,
iDEFENSE Labs
- MailEnable Smtpd remote Dos [x0n3-h4ck],
CorryL
- crontab from vixie-cron allows read other users crontabs,
Karol Więsek
- [ GLSA 200504-05 ] Gaim: Denial of Service issues,
Luke Macken
- [USN-109-1] MySQL vulnerability,
Martin Pitt
- drone armies C&C report - March/2005,
Gadi Evron
- Microsoft Explorer Denial of Service,
Luca Ercoli
- Cisco Security Advisory: Vulnerabilities in the Internet Key Exchange Xauth Implementation,
Cisco Systems Product Security Incident Response Team
- runcms/e-xoops 1.1A and below file upload vulnerability,
pokley
- OSX - trojan apps can bypass authentication controls and gain root privileges,
bert
- Active Auction House has multiple Sql injection, error and XSS vulnerabilities,
dcrab
- FreeBSD Security Advisory FreeBSD-SA-05:03.amd64,
FreeBSD Security Advisories
- [ GLSA 200504-04 ] mit-krb5: Multiple buffer overflows in telnet client,
Thierry Carrez
- [USN-108-1] GDK vulnerability,
Martin Pitt
- [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure,
John Cobb
- Cisco Security Advisory: Vulnerabilities in Cisco IOS Secure Shell Server,
Cisco Systems Product Security Incident Response Team
- iDEFENSE Security Advisory 04.06.05: IBM Lotus Domino Server Web Service DoS Vulnerability,
iDEFENSE Labs
- LiteCommerce Sql injection and reveling errors vulnerability,
dcrab
- [waraxe-2005-SA#041] - Critical Sql Injection in PhpNuke 6.x-7.6 Top module,
Janek Vind
- [ GLSA 200504-06 ] sharutils: Insecure temporary file creation,
Luke Macken
- Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability,
Adam Back
- [SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability,
chewkeong
- iDEFENSE Security Advisory 04.07.05: SGI IRIX gr_osview Information Disclosure Vulnerability,
iDEFENSE Labs
- iDEFENSE Security Advisory 04.07.05: SGI IRIX gr_osview File Overwrite Vulnerability,
iDEFENSE Labs
- [SECURITYREASON.COM] phpnuke 7.6 Multiple vulnerabilities in Downloads Module cXIb8O3.13,
Maksymilian Arciemowicz
- Macromedia Security Bulletin - ColdFusion MX 6.1,
Macromedia Security Zone
- [SECURITYREASON.COM] phpnuke 7.6 Multiple vulnerabilities in Web_Links Module cXIb8O3.14,
Maksymilian Arciemowicz
- OpenServer 5.0.6 OpenServer 5.0.7 : termsh atcronsh auditsh environment buffer overflows,
please_reply_to_security
- UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : CDE dtlogin unspecified double free,
please_reply_to_security
- UnixWare 7.1.4 : libtiff Multiple vulnerabilities,
please_reply_to_security
- UnixWare 7.1.4 : cdrecord local root exploit,
please_reply_to_security
- OpenServer 5.0.6 OpenServer 5.0.7 : cscope local attacker can remove arbitrary files,
please_reply_to_security
- MDKSA-2005:067 - Updated sharutils packages fix multiple vulnerabilities,
Mandrakelinux Security Team
- Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3,
dcrab
- MacOSX Java Runtime Environment Remote Denial-of-Service (DoS) Vulnerability,
Marc Schoenefeld
- MDKSA-2005:068 - Updated gtk+2.0 packages fix vulnerability,
Mandrakelinux Security Team
- MDKSA-2005:069 - Updated gdk-pixbuf packages fix vulnerability,
Mandrakelinux Security Team
- phpBB Upload Script "up.php" Arbitrary File Upload,
Status-x
- PunBB <= 1.2.4 - change email to become admin exploit,
exploits@xxxxxxxxxxx
- Pafiledb ACTION Parameter XSS,
tom cruise
- Double Choco Latte Remote Code Execution,
JeiAr
- iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability,
iDEFENSE Labs
- How to Report a Security Vulnerability to Microsoft,
Microsoft Security Response Center
- UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : telnet client multiple issues,
please_reply_to_security
- [USN-110-1] Linux kernel vulnerabilities,
Martin Pitt
- [ GLSA 200504-07 ] GnomeVFS, libcdaudio: CDDB response overflow,
Thierry Carrez
- UPDATE: [ GLSA 200503-35 ] Smarty: Template vulnerability,
Thierry Carrez
- OpenText FirstClass 8.0 Client Arbitrary File Execution,
dila
- SUSE Security Announcement: various KDE security problems (SUSE-SA:2005:022),
Marcus Meissner
- GNU Core Utilities race condition file-permissions vulnerability (Software: mkdir, mknod, mkfifo; Version: Part of GNU Core Utilities 5.2.1),
Imran Ghory
- Multiple ModernBill 4.3.0 And Earlier Vulnerabilities,
GulfTech Security Research
- TowerBlog <= 0.6 Admin Account View [x0n3-h4ck],
CorryL
- Miranda IM and Miranda Installer Let Local Users Execute Arbitrary Code,
Kozan
- iDEFENSE Security Advisory 04.11.05: Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer Overflow,
iDEFENSE Labs
- [ GLSA 200504-08 ] phpMyAdmin: Cross-site scripting vulnerability,
Luke Macken
- Zone-H 2004 statistics are ready to be downloaded,
Gerardo Astharot Di Giacomo
- Invision board 1.3.1 and below are vulnerable to a sql injection vulnerability [PATCH INCLUDED],
dcrab
- OpenOffice DOC document Heap Overflow,
lee xiaojun
- Microsoft Windows image rendering DoS vuln,
Andrew
- [WHITEPAPER] Bugger The Debugger,
Brett Moore
- Sql injection in jPortal version 2.3.1 (module banner),
Marcin "CiNU5" Krupowicz
- Directory transversal, sql injection and xss vulnerabilities in RadBids Gold v2,
dcrab
- AzDGDatingPlatinum multiple vulnerabilities,
kre0n
- XV multiple buffer overflows (update),
Greg Roelofs
- rpdump TOCTOU file-permissions vulnerability,
Imran Ghory
- rsnapshot Security Advisory 001,
security
- Microsoft Jet (msjet40.dll) Exploit,
Stuart Pearson
- 7a69Adv#23 - Jar tool directory transversal vulnerability,
Pluf
- WebCT 4.1 vulnerable to XSS attacks,
lacertosum
- iDEFENSE Security Advisory 04.12.05: Microsoft Windows CSRSS.EXE Stack Overflow Vulnerability,
iDEFENSE Labs
- iDEFENSE Security Advisory 04.12.05: Microsoft MSHTA Script Execution Vulnerability,
iDEFENSE Labs
- iDEFENSE Security Advisory 04.12.05: Microsoft Windows Internet Explorer Long Hostname Heap Corruption Vulnerability,
iDEFENSE Labs
- iDEFENSE Security Advisory 04.12.05: Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability,
iDEFENSE Labs
- Centra 7 XSS Exploit,
Clorox
- IRM 011: Sygate,Security Agent (Sygate Secure Enterprise) Fail Open DoS,
IRM Advisories
- eGroupWare Leaks Files,
Gerald Quakenbush
- Remote Buffer Overflow in Lotus Domino,
Next Generation Insight Security Research (NGS Software)
- Re: Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3,
Dionysios G. Synodinos
- QuickTime for Windows malformed GIF DoS,
liquid
- [ GLSA 200504-09 ] Axel: Vulnerability in HTTP redirection handling,
vorlon
- JavaMail allows directory traversal in attachments,
Rafael San Miguel Carrasco
- DoKuWiki file-upload vulnerabilities,
kreon
- Window Washer 6.0: False Sense of Security,
WBG Links
- WordPress XSS and HTML injection,
Nicolas Montoza
- GLD (Greylisting daemon for Postfix) multiple vulnerabilities.,
dong-hun you
- zOOM Media Gallery - Simple SQL Injection discovery,
Andreas Constantinides
- 'Widcomm BTW (Microsoft Windows BT stack) Directory Transversal',
KF (lists)
- Patch available for critical Veritas i3 Server vulnerability,
NGSSoftware Insight Security Research
- Gld 1.5 released (security fix),
Salim Gasmi
- Multiple medium risk flaws fixed in new version of PHP (late advisory),
NGSSoftware Insight Security Research
- Multiple High Risk flaws fixed in Oracle,
NGSSoftware Insight Security Research
- IBM WebSphere Widespread configuration JSP disclosure,
SPI Labs
- cpio TOCTOU file-permissions vulnerability,
Imran Ghory
- [SECURITY] [DSA 707-1] New mysql packages fix several vulnerabilities,
Martin Schulze
- NetManage RUMBA 7.4 Profile Handling Multiple Buffer Overflow Vulnerabilities,
Bahaa Naamneh
- [SECURITY] [DSA 706-1] New axel packages fix arbitrary code execution,
Martin Schulze
- MDKSA-2005:070 - Updated MySQL packages fix vulnerability,
Mandrakelinux Security Team
- ms05016 POC,
zwell zwell
- [ GLSA 200504-10 ] Gld: Remote execution of arbitrary code,
Sune Kloppenborg Jeppesen
- HTTP RESPONSE SPLITTING by Diabolic Crab,
dcrab
- LG U8120 Mobile Phone Denial of Service,
Luca Ercoli
- Details and PoC for MS05-020 MSIE DHTML Object handling vulnerabilities,
Berend-Jan Wever
- Multiple Sql injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules.,
dcrab
- [ GLSA 200504-11 ] JunkBuster: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
- Windows kernel overflow fixed,
NGSSoftware Insight Security Research
- serendipity SQL Injection vulnerability,
kreon
- [ GLSA 200504-12 ] rsnapshot: Local privilege escalation,
Thierry Carrez
- Internet Explorer wininet.dll URL parsing memory corruption technical details,
3APA3A
- MDKSA-2005:071 - Updated gaim packages fix multiple vulnerabilities,
Mandriva Security Team
- All4WWW-Homepagecreator Remote Command Execution,
Francisco Alisson
- sumus[v0.2.2]: (httpd) remote buffer overflow exploit.,
Vade 79
- Security Contact for NetApp ?,
Fabrice Marie
- Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup UniversalAgent buffer overflow vulnerability,
Williams, James K
- BCS Asia 2005 Slides and pictures,
Anthony Zboralski
- Multiple multiple sql injection/errors and xss vulnerabilities in OneWorldStore,
dcrab
- Multiple vulnerabilities in Yager 5.24,
Luigi Auriemma
- Trojan file issue in Musicmatch software,
Hyperdose Security
- Trusted Site Cross Site Scripting Elevation of Privilege in Musicmatch,
Hyperdose Security
- [USN-111-1] Squid vulnerability,
Martin Pitt
- [USN-112-1] PHP4 vulnerabilities,
Martin Pitt
- FreeBSD Security Advisory FreeBSD-SA-05:04.ifconf,
FreeBSD Security Advisories
- Improper log file storage in Musicmatch software,
Hyperdose Security
- [SECURITY] [DSA 709-1] New libexif packages fix arbitrary code execution,
Martin Schulze
- [ GLSA 200504-13 ] OpenOffice.Org: DOC document Heap Overflow,
Sune Kloppenborg Jeppesen
- windux-linux-gui-rainbow-lanman-cracker released,
Philippe Oechslin
- [Overflow.pl] GOCR - Multiple vulnerabilities,
Overflow.pl
- [SECURITY] [DSA 708-1] New PHP3 packages fix denial of service,
Martin Schulze
- Dameware NT Utilities and MiniRemote Control <= 4.9 vulnerability,
Jordi Corrales
- myBloggie 2.1.1,
Francisco Alisson
- Arbitrary file overwrite possible by Musicmatch ActiveX control,
Hyperdose Security
- Enumeration of AS/400 users and their status via POP3,
Shalom Carmel
- [ GLSA 200504-14 ] monkeyd: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
- Vulnerabilities in sphpblog,
echo staff
- [ECHO_ADV_12$2005] Vulnerabilities in sphpblog,
echo staff
- Mafia Blog,
Francisco Alisson
- [Overflow.pl] Libsafe - Safety Check Bypass Vulnerability,
Overflow.pl
- Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below,
dcrab
- [DR001] AppleWebKit XMLHttpRequest arbitrary file disclosure vulnerability,
David Remahl
- phpBB datenbank mod has XSS/SQL Injection in the id variable,
tom cruise
- Require many large corporate emails for contact regarding vulnerability.,
dcrab
- SUSE Security Announcement: cvs (SUSE-SA:2005:024),
Sebastian Krahmer
- [ECL] Windows IP Options DoS POC [ECL],
Yuri Gushin
- Vulnerability in Coppermine Photo Gallery 1.3.*,
GHC team
- [ GLSA 200504-15 ] PHP: Multiple vulnerabilities,
Thierry Carrez
- Firelinking [Firefox 1.0.2],
mikx
- Firesearching 1 + 2 [Firefox 1.0.2],
mikx
- phpBB - Knowledge Base MOD - SQL-Injection and Full Path Disclosure,
deluxe
- [SECURITY] [DSA 710-1] New gtkhtml packages fix denial of service,
Martin Schulze
- ERNW Security Advisory 01/2005,
Mailinglists
- [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages,
Team SHATTER
- [AppSecInc Team SHATTER Security Advisory] SQL Injection in CREATE_SCN_CHANGE_SET procedure,
Team SHATTER
- [AppSecInc Team SHATTER Security Advisory] Denial of Service in Oracle interMedia,
Team SHATTER
- [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_METADATA package,
Team SHATTER
- [AppSecInc Team SHATTER Security Advisory] SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure,
Team SHATTER
- [ GLSA 200504-16 ] CVS: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
- The first open source spyware,
gilbert nzeka
- iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability,
iDEFENSE Labs
- - Argeniss - Oracle exploits and workarounds,
Cesar
- MDKSA-2005:072 - Updated php packages fix multiple vulnerabilities,
Mandriva Security Team
- [ GLSA 200504-17 ] XV: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
- Portcullis Security Advisory 05-012 Ebay Session Riding Vulnerability,
Paul J Docherty
- [SECURITY] [DSA 711-1] New info2www packages fix cross-site scripting vulnerability,
Martin Schulze
- Directory Traversal Attack in apexec.pl (.%00./-Bug),
msdarkflyer
- RE: ERNW Security Advisory 01/2005 [ EXPLOIT ],
cybertronic
- UBB Thread printthread.php SQL Injection,
Hillel Himovich
- File Selection May Lead to Command Execution (GM#015-IE),
GreyMagic Security
- [SECURITY] [DSA 712-1] New geneweb packages fix insecure file operations,
Martin Schulze
- [ GLSA 200504-18 ] Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities,
Thierry Carrez
- CAU - New Tool: hcraft - HTTP Vuln Request Crafter,
I)ruid
- MS05-021 Microsoft Exchange X-LINK2STATE Heap Overflow PoC,
Evgeny Pinchuk
- PAKCON II: Call for Papers (CfP - 2005),
Ayaz Ahmed Khan
- Announcing PAKCON II (2005)!,
Ayaz Ahmed Khan
- Capital One's website inadvertently assists phishing,
Joseph Barillari
- [CLA-2005:947] Conectiva Security Announcement - MySQL,
Conectiva Updates
- DUportal Pro 3.4 has MANY Sql injection and Sql Errors.,
dcrab
- [SECURITY] [DSA 661-2] New f2c packages fix insecure temporary files,
Martin Schulze
- SUSE Security Announcement: PostgreSQL buffer overflow problems (SUSE-SA-2005:027),
Marcus Meissner
- SUSE Security Announcement: RealPlayer buffer overflow in RAM file handling (SUSE-SA:2005:026),
Marcus Meissner
- [HSC Security Group] Ocean12 Calendar manager 1.01 SQL injection,
Zinho
- [ GLSA 200504-19 ] MPlayer: Two heap overflow vulnerabilities,
Matthias Geerdsen
- RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow,
Piotr Bania
- Neslo Desktop Rover Remote DoS Vulnerability,
Adam Baldwin
- ICMP attacks against TCP (Proof-of-Concept code) (MS05-019, CISCO:20050412),
houseofdabus HOD
- Multiple eGroupware Vulnerabilities,
GulfTech Security Research
- RE: iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability,
Boyce, Nick
- Multiple Security Issues Found In AZBB,
GulfTech Security Research
- Annuaire Netref v4.2 [ fwrite php ] vulnerability,
jaguar
- [waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3.2,
Janek Vind
- Ecommerce-Carts SQL injection vulnerability ( IHSTeam ),
c0d3r
- Shoutbox SCRIPT <= 3.0.2 Administrative MD5 Username and Password Retrieval [x0n3-h4ck],
CorryL
- Linux vsyscalls may be used as attack vectors,
Clad Strife
- Secure Science Corporation Application Software Advisory 055,
SSC Advisory Notice
- [OpenPKG-SA-2005.006] OpenPKG Security Advisory (mysql),
OpenPKG
- Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Stephen Frost
- Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
David F. Skoll
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Tom Lane
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Jim C. Nasby
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Tom Lane
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Bruce Momjian
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Jim C. Nasby
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Stephen Frost
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Joshua D. Drake
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Tino Wildenhain
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Jim Knoble
- <Possible follow-ups>
- Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Josh Berkus
- gzip directory traversal vulnerability,
Imran Ghory
- PMsoftware mini http server remote stack overflow exploit (IHSTeam),
c0d3r
- cpio directory traversal vulnerability,
Imran Ghory
- [PLSN-0004] - Buffer overflow in PostgreSQL,
Peachtree Linux Security Team
- MDKSA-2005:076 - Updated xli packages fix multiple vulnerabilities,
Mandriva Security Team
- MDKSA-2005:074 - Updated gnome-vfs2 packages fix vulnerability,
Mandriva Security Team
- [SECURITY] [DSA 701-2] New samba packages fix correct sporadic crash,
Martin Schulze
- directory traversal in Yawcam 0.2.5,
Donato Ferrante
- MDKSA-2005:073 - Updated cvs packages fix vulnerability,
Mandriva Security Team
- Vulnerability kali's tagboard,
piker piker
- MDKSA-2005:075 - Updated libcdaudio1 packages fix vulnerability,
Mandriva Security Team
- xine security announcement: multiple heap overflows in MMS and Real RTSP streaming clients,
Michael Roitzsch
- [SECURITY] [DSA 713-1] New junkbuster packages fix several vulnerabilities,
Martin Schulze
- [PLSN-0001] - Multiple PHP vulnerabilities,
Peachtree Linux Security Team
- APG Classmaster Workstation Windows SMB share access vulnerability,
Alex Garrett
- TSLSA-2005-0013 - cvs,
Trustix Security Advisor
- MDKSA-2005:077 - Updated cdrecord packages fix vulnerability,
Mandriva Security Team
- Canonicalization and directory traversal in iSeries FTP security products,
Shalom Carmel
- [ GLSA 200504-20 ] openMosixview: Insecure temporary file creation,
Thierry Carrez
- [PLSN-0002] - Multiple vulnerabilities in Gaim,
Peachtree Linux Security Team
- UPDATE: [ GLSA 200504-16 ] CVS: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
- UPDATE: [ GLSA 200410-10 ] gettext: Insecure temporary file handling,
Sune Kloppenborg Jeppesen
- [PLSN-0003] - Remote exploits in mplayer,
Peachtree Linux Security Team
- Multiple Sql injection and XSS in Asp Nuke 0.80 (Working exploits included),
dcrab
- [KDE Security Advisory]: kimgio input validation errors,
Dirk Mueller
- [KDE Security Advisory]: Kommander untrusted code execution,
Dirk Mueller
- Multiple vulnerabilities in Argosoft Mail Server 1.8.7.6,
ShineShadow
- RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords,
Mark Senior
- [ GLSA 200504-21 ] RealPlayer, Helix Player: Buffer overflow vulnerability,
Thierry Carrez
- [PLSN-0001] - Multiple vulnerabilities in Gaim,
Peachtree Linux Security Team
- [ GLSA 200504-22 ] KDE kimgio: PCX handling buffer overflow,
Sune Kloppenborg Jeppesen
- [ GLSA 200504-23 ] Kommander: Insecure remote script execution,
Sune Kloppenborg Jeppesen
- BitDefender 8 - Race condition vulnerability,
SecuBox fRoGGz
- FreeBSD Security Advisory FreeBSD-SA-05:05.cvs,
FreeBSD Security Advisories
- [SePro Bugtraq] WBB - WoltLab Burning Board <= 2.3.1 - XSS Vulnerability (22.04.05),
deluxe
- Multiple Sql injection vulnerabilities in BK Forum v.4,
dcrab
- ACSblog bug,
farhad koosha
- New auto download / install / exploit URL?,
Gandalf The White
- -==phpBB 2.0.14 Multiple Vulnerabilities==-,
HaCkZaTaN
- artmedic_links5 remote file access exploit,
Adam n30n Simuntis
- Multiple Sql injection and XSS in CartWIZ ASP Cart,
dcrab
- Local file detection found through Adobe Reader ActiveX control,
Hyperdose Security
- E-Cart v1.1 Remote Command Execution,
Nicolas Montoza
- TSLSA-2005-0015 - postgresql,
Trustix Security Advisor
- [SNS Advisory No.80] nProtect:Netizen Arbitrary File Download Vulnerability,
snsadv
- [CIRT.DK - Advisory] Novell Nsure Audit 1.0.1 Denial of Service,
CIRT.DK Advisory
- remote command execution in inserter.cgi script,
fireboy fireboy
- Sql Injection in Confixx 3.06 & 3.08 & 3.?? ?,
Erich Klaus
- DMA[2005-0423a] - 'Nokia Affix Bluetooth Integer Underflow',
KF (lists)
- Multiple SQL Injections in StorePortal 2.63,
dcrab
- remote command execution in include.cgi script,
fireboy fireboy
- MS05-019 Windows IP options DoS exploit,
GomoR
- [INetCop Security Advisory] Snmppd potentially format string vulnerability.,
dong-hun you
- hyper.cgi script file show bug,
fireboy fireboy
- remote command execution in citat.pl script,
fireboy fireboy
- remote command execution in includer.cgi script,
fireboy fireboy
- Possible XSS in User-Agent,
Nicolas Montoza
- Yager <= 5.24 Remote Buffer Overflow Exploit,
cybertronic
- E-Cart v1.1 Remote Command Execution Vulnerability,
Emanuele "z\" Gentili
- [Overflow.pl] ImageMagick ReadPNMImage() Heap Overflow,
Damian Put
- MailEnable HTTPS Buffer Overflow [x0n3-h4ck],
CorryL
- remote command execution in text.cgi script,
fireboy fireboy
- index.cgi script XSS + file show,
fireboy fireboy
- remote command execution in forum.pl script,
fireboy fireboy
- WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05),
admin
- Re: [Full-disclosure] [VulnDiscuss] Re: -==phpBB 2.0.14 Multiple Vulnerabilities==-[Scanned],
Dave Aitel
- remote command execution in ad.cgi script,
fireboy fireboy
- [ GLSA 200504-24 ] eGroupWare: XSS and SQL injection vulnerabilities,
Matthias Geerdsen
- [security bulletin] SSRT5954 rev.0 HP-UX TCP/IP Remote Denial of Service (DoS),
Boren, Rich (SSRT)
- dBpowerAMP Auxiliary - Abnormal execution,
SecuBox fRoGGz
- [SECURITY] [DSA 714-1] New kdelibs packages fix arbitrary code execution,
Martin Schulze
- iDEFENSE Security Advisory 04.26.05: Citrix Program Neighborhood Agent Buffer Overflow,
iDEFENSE Labs
- iDEFENSE Security Advisory 04.26.05: Citrix Program Neighborhood Agent Arbitrary Shortcut Creation Vulnerability,
iDEFENSE Labs
- iDEFENSE Security Advisory 04.26.05: MySQL MaxDB Webtool Remote 'If' Stack Overflow Vulnerability,
iDEFENSE Labs
- Multiple SQL Injections in MetaCart e-Shop V-8,
dcrab
- Multiple SQL Injections in MetaCart2 for PayPal,
dcrab
- Multiple SQL Injections in MetaCart2 for SQL Server Special Edition U.K,
dcrab
- MetaCart2 for PayFlow Multiple Sql Injection Vulnerabilities,
dcrab
- Multiple SQL Injections in MetaBid Auctions,
dcrab
- E-Cart E-Commerce Software EXPLOIT,
Emanuele "z\" Gentili
- [exploits] phpMyVisites 1.3 local file retrieval,
Max Cerny
- GrayCMS php code injection,
Kold
- tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS.,
Vade 79
- tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.,
Vade 79
- [PLSN-0007] new libcdaudio package available,
Peachtree Linux Security Team
- [PLSN-0006] new libexif package available,
Peachtree Linux Security Team
- [PLSN-0005] new cvs package available,
Peachtree Linux Security Team
- IE - cross site click detection?,
ViPeR
- SQL-injections in Invision Power Board v2.0.1,
CENSORED
- [Hackers Center Security Group] Sqwebmail Http Splitting Vulnerability,
Zinho
- Discovering and Stopping Phishing/Scam Attacks,
steven
- [ GLSA 200504-25 ] Rootkit Hunter: Insecure temporary file creation,
Sune Kloppenborg Jeppesen
- iDEFENSE Security Advisory 04.25.05: MySQL MaxDB Webtool Remote Stack Overflow Vulnerability,
iDEFENSE Labs
- iDEFENSE Security Advisory 04.25.05: MySQL MaxDB Webtool Remote Lock-Token Stack Overflow Vulnerability,
iDEFENSE Labs
- ADV: NetTerm's NetFtpd 4.2.2 Buffer Overflow + PoC Exploit,
shadown
- New Whitepaper: Stopping Automated Attack Tools,
Gunter Ollmann (NGS)
- [ GLSA 200504-26 ] Convert-UUlib: Buffer overflow,
Sune Kloppenborg Jeppesen
- SUSE Security Announcement: Mozilla Firefox, Mozilla various security problems (SUSE-SA:2005:028),
Marcus Meissner
- Black Hat USA 2005 Reminder CFP closing soon!,
Jeff Moss
- [HSC Security Group] Comersus v6 Script injection,
Zinho
- myPHP Forum v3 (possible v1 & 2 also) Identification 'spoof',
Terencentanio Enache
- [SECURITY] [DSA 715-1] New cvs packages fix unauthorised repository access,
Martin Schulze
- [ GLSA 200504-27 ] xine-lib: Two heap overflow vulnerabilities,
Thierry Carrez
- [SECURITY] [DSA 717-1] New lsh packages fix several vulnerabilities,
Martin Schulze
- [SECURITY] [DSA 716-1] New gaim packages fix denial of service,
Martin Schulze
- [CLA-2005:950] Conectiva Security Announcement - evolution,
Conectiva Updates
- [CLA-2005:949] Conectiva Security Announcement - gaim,
Conectiva Updates
- SQL-injections in koobi-cms,
CENSORED
- iDEFENSE Labs Releases dltrace,
iDEFENSE Labs
- Privilege escalation in BakBone NetVault 7.1,
Reed Arvin
- Privilege escalation in BulletProof FTP Server v2.4.0.31,
Reed Arvin
- [CLA-2005:948] Conectiva Security Announcement - squid,
Conectiva Updates
- Buffer overflow in KMiNT21 Software Golden FTP Server Pro v2.52 (10.04.2005),
Reed Arvin
- ZRCSA-200501 - Multiple vulnerabilities in Claroline,
Sieg Fried
- Security contact at sourceforge?,
Joxean Koret
- [ GLSA 200504-28 ] Heimdal: Buffer overflow vulnerabilities,
Sune Kloppenborg Jeppesen
- [SECURITY] [DSA 718-2] New ethereal packages fix buffer overflow,
Martin Schulze
- [SECURITY] [DSA 719-1] New prozilla packages fix arbitrary code execution,
Martin Schulze
- [SECURITY] [DSA 718-1] New ethereal packages fix buffer overflow,
Martin Schulze
- High risk flaw in HP OpenView Radia Management Agent,
NGSSoftware Insight Security Research
- phpBB Notes Mod SQL Injection Vulnerability,
GulfTech Security Research
- OT: Two Factor Authentication on Linux / Mac / Windows,
Mohit Muthanna
- Netflix Site may assist Phishing,
Sara Togian
- Borland Security Contact,
Dave Armstrong
- insecure user account lam-runtime-7.0.6-2mdk rpm,
Scott Grayban
- Webcache Client Requests Bypass OHS mod_access Restrictions,
Alexander Kornbrust
- File appending vulnerability in Oracle Webcache 9i,
Alexander Kornbrust
- Cross Site Scripting in Oracle Webcache 9i Administrator Application,
Alexander Kornbrust
- [Security Bulletin] SSRT5958 rev.0 - HP OpenView Radia Mgmt. Portal (RMP) Radia Mgmt. Agent Remote unauthorized Privileged Access and (DoS),
Boren, Rich (SSRT)
- [HSC Security Group] Ocean12 Mailing List Manager Pro SQL injection,
Zinho
- Cross Site Scripting in BEA Admin Console,
Alexander Kornbrust
- DHS Security Contact,
Jason Coombs
- Multiple Sql injections in phpCoin v1.2.2 and below,
dcrab
- Safari HTTPS Overflow,
Gilbert Verdian
- NY sues Spyware Intermix, funded by Tiaa-Cref,
Paul Laudanski
- Golden FTP Server Pro remote stack BOF exploit (IHSTeam),
c0d3r
- MDKSA-2005:080 - Updated libxpm4 packages fix libXpm vulnerabilities,
Mandriva Security Team
- Multiples Full Path Disclosure in php-nuke 7.6 (and below),
Luis Fernando
- MDKSA-2005:079 - Updated perl packages to fix rmtree vulnerability,
Mandriva Security Team
- MDKSA-2005:078 - Updated squid packages fix vulnerability,
Mandriva Security Team
- [CAN-2005-1063] Administration protocol abuse leads to Service and System Denial of Service,
Secure Computer Group
- [CAN-2005-1062] Administration protocol abuse allows local/remote password cracking,
Secure Computer Group
- DEF CON - New CTF Organizers chosen!,
The Dark Tangent
- Mac OS X Cocktail 3.5.4 admin password disclosure,
sonderling
- Snmppd SNMP proxy daemon format string exploit,
cybertronic
- Apache hacks (./atac, d0s.txt),
Andrew Y Ng