Network Security Archives

Bugtraq (date)

[Thread Index] [Top] [All Lists]

September 30, 2004

Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Chris Paget, 23:32
iDEFENSE Security Advisory 09.29.04 - Macromedia JRun 4 mod_jrun Apache Module Buffer Overflow Vulnerability, customer service mailbox, 22:52
Re: directory traversal in ParaChat Server 5.5, Donato Ferrante, 22:31
Re: New whitepaper "The Phishing Guide", Aleksandar Milivojevic, 22:11
RE: Diebold Global Election Management System (GEMS) Backdoor, Geoff Vass, 20:51
Re:[4] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, advisories, 20:30
RE: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes, Hugo van der Kooij, 19:20
Samba Security Announcement -- Potential Arbitrary File Access, Gerald (Jerry) Carter, 18:59
Unicornscan 0.4.2, robert, 18:39
[Full-Disclosure] Multiple vulnerabilities in w-agora forum, Alexander Antipov, 18:19
Multiple Vulnerabilities in Silent Storm Portal, R00tCr4ck, 17:59
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, David F. Skoll, 17:59
TSL-2004-0050 - multi, Trustix Security Advisor, 17:49
Re: cdrecord local root exploit, Jason T. Miller, 17:08
Re: Promiscuous email printing in Canon imageRunner, Felix Lindner, 16:58
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Yoav Nir, 15:48
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Mike Healan, 14:47
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Nick Knouf, 14:27
RE: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes, David Brodbeck, 13:46
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, trh, 12:16
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Polazzo Justin, 11:05
[Full-Disclosure] [FLSA-2004:1581] Updated flim packages fix security vulnerability, Dominic Hargreaves, 10:35
[Full-Disclosure] [FLSA-2004:1549] Updated xchat packages fix security vulnerability, Dominic Hargreaves, 10:35
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Reed, Phillip C. (LNG-DAY), 10:25
[Full-Disclosure] Multiple vulnerabilities in w-agora forum, Alexander Antipov, 10:15
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, float, 10:15
[Full-Disclosure] [FLSA-2004:1840] Updated Ethereal packages fix security issues, Marc Deslauriers, 08:04
[Full-Disclosure] [FLSA-2004:2003] Updated rsync package fixes security issues, Marc Deslauriers, 07:54
directory traversal in ParaChat Server 5.5, Donato Ferrante, 06:51
Re: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes, Aleksandar Milivojevic, 06:00
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Bruce Barnett, 05:10
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, ERACC, 04:20
Re: New whitepaper "The Phishing Guide", Juraj Bednar, 03:39
@lex Guestbook (PHP) Include file, Himeur Nourredine, 03:29
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, David Schwartz, 02:49
Re: Diebold Global Election Management System (GEMS) Backdoor, Adam Shostack, 02:39
Php RFC1867 Upload Vuln. POC Released, Stefano Di Paola, 02:19
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Casper Dik, 02:19
Crash in Alpha Black Zero 1.04, Luigi Auriemma, 02:09
Re: Default username/password pairs in ON Command CCM 5.x database backend, Sep 20 2004 2:24PM, Sym Security, 01:59
RE: Promiscuous email printing in Canon imageRunner, Eric McCarty, 01:49
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Colm MacCarthaigh, 01:49
MSSQL 7.0 DoS, securma, 01:49
Re: Debian netkit telnetd vulnerability, Matt Zimmerman, 01:29
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Casper Dik, 01:18
RE: Microsoft's GDI Detetection Tool faults, mgotts, 00:38
Re: New whitepaper "The Phishing Guide", Philip Stoev, 00:08

September 29, 2004

MyWebServer 1.0.3, nekd0, 23:48
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Seth Breidbart, 22:57
Re: Re:[3] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, David Wilson, 22:27
Re[2]: New whitepaper "The Phishing Guide", Karsten Heidrich, 21:26
Re: Buffer overflow in Zinf 2.2.1 for Win32+exploit, iggy popal, 20:46
Php RFC1867 Upload Vuln. POC Released, Stefano Di Paola, 20:36
Possible GDI Exploit Vector, james_love, 20:36
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Kurt Seifried, 20:36
[CLA-2004:870] Conectiva Security Announcement - imlib, Conectiva Updates, 20:06
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Adam Shostack, 19:56
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, David F. Skoll, 18:45
[Full-Disclosure] [ GLSA 200409-35 ] Subversion: Metadata information leak, Sune Kloppenborg Jeppesen, 18:05
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Colm Buckley, 17:55
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to, Gareth Humphries, 17:45
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Jason T. Miller, 17:15
directory traversal in ParaChat Server 5.5, Donato Ferrante, 16:34
RE: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes, Jeremy Epstein, 16:24
Re: Diebold Global Election Management System (GEMS) Backdoor Account, Brian Kirkbride, 16:04
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Dana Hudes, 16:04
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Matthew Keller, 15:24
[security bulletin] SSRT4794 rev.0 HPStorageWorks Command View XP access restriction bypass, Boren, Rich (SSRT), 15:24
[Full-Disclosure] [FLSA-2004:1468] Updated tcpdump packages that fix multiple security vulnerabilities, Dominic Hargreaves, 15:03
Re: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes, Craig Paterson, 14:53
[Full-Disclosure] [FLSA-2004:1552] Updated cadaver packages that fix security vulnerabilities, Dominic Hargreaves, 14:13
RE: Promiscuous email printing in Canon imageRunner, Matthew E. Lauterbach, 14:03
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Bob Toxen, 13:53
RE: Microsoft's GDI Detetection Tool faults, Scott Jacobson, 13:53
Re: New whitepaper "The Phishing Guide", Brian Dessent, 13:53
Re: iDEFENSE Security Advisory 09.22.04 - Sophos Small Business Suite Reserved D, Lise Moorveld, 13:02
Yahoo! Store Security Advisory, Stuart Moore, 12:52
Re: Microsoft's GDI Detetection Tool faults, albatross, 09:31
RE: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes, David Brodbeck, 08:31
Re[2]: [Full-Disclosure] Automatically passing NTLM authentication credentials on Windows XP, Hidenobu Seki, 06:40
Re: GDI Virus in the wild., GuidoZ, 06:00
Re: GDI Virus in the wild., Gerry Eisenhaur, 05:29
MDKSA-2004:011-1 - Updated NetPBM packages fix a number of temporary file bugs., Mandrake Linux Security Team, 05:29
Multiple XSS Vulnerabilities in Wordpress 1.2, Thomas Waldegger, 05:19
Re[2]: [Full-Disclosure] Automatically passing NTLM authentication credentials on Windows XP, 3APA3A, 04:29
Re: New whitepaper "The Phishing Guide", Chip Andrews, 04:19

September 28, 2004

Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Simon, 23:57
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Coleman, 23:17
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Patrick J. Kobly, 23:17
Re: ICMP spoofed source tunneling, Calum, 22:56
Vignette Application Portal Unauthenticated Diagnostics, Advisories, 22:56
Re: Diebold Global Election Management System (GEMS) Backdoor, Crispin Cowan, 22:46
MDKSA-2004:103 - Updated OpenOffice.org packages fix temporary file vulnerabilities, Mandrake Linux Security Team, 22:36
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Enrique A. Chaparro, 22:26
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, David Schwartz, 22:06
Re: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes, David F. Skoll, 21:06
Re: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes, Adam Jacob Muller, 20:35
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Marco S Hyman, 19:55
Re: Microsoft's GDI Detetection Tool faults, the rxmr, 19:35
Code execution in Icecast 2.0.1, Luigi Auriemma, 19:25
Re: New whitepaper "The Phishing Guide", Crispin Cowan, 19:25
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Tracy Bost, 19:15
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, gandalf, 18:24
RE: Microsoft's GDI Detetection Tool faults, Dowling, Gabrielle, 15:43
Re: Microsoft's GDI Detetection Tool faults, Andreas Marx, 06:59
Re: aspWebCalendar /aspWebAlbum: SQL injection, Steven, 02:16
iDEFENSE Security Advisory 09.27.04 - IBM AIX ctstrtcasd Local File Corruption Vulnerability, customer service mailbox, 01:26
Re: Re:[3] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, David F. Skoll, 00:05

September 27, 2004

Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Nicholas Knight, 22:54
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Ryan_Ward, 22:44
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Greg A. Woods, 22:24
Re: New whitepaper "The Phishing Guide", Greg A. Woods, 22:14
Broadcast crash in Chatman 1.5.1 RC1, Luigi Auriemma, 22:04
GDI Virus in the wild., Ben, 21:43
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Seth Breidbart, 21:03
RE: Diebold Global Election Management System (GEMS) Backdoor, Paul Wouters, 20:53
[Hat-Squad] Remote Buffer overflow Vulnerability in YahooPOPS, Hat-Squad Security Team, 20:33
[CLA-2004:869] Conectiva Security Announcement - kernel, Conectiva Updates, 20:22
Re:[3] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, David F. Skoll, 19:01
IPv4 fragmentation --> The Rose Attack, Gandalf The White, 16:50
Re: cdrecord local root exploit, Dr Andrew C Aitchison, 16:40
Re: New whitepaper "The Phishing Guide", Daniel Veditz, 10:03
New Macromedia Security Zone Bulletins Posted, Macromedia Security Zone, 09:42
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Polazzo Justin, 09:12
[Full-Disclosure] [ GLSA 200409-34 ] X.org, XFree86: Integer and stack overflows in libXpm, Thierry Carrez, 07:11
Motorola Wireless Router WR850G Authentication Circumvention, Daniel Fabian, 01:59

September 26, 2004

Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Claudius Li, 21:07
[Full-Disclosure] Re: HTTP Response Splitting and SQL injection in megabbs forum, PD9 Software, 18:46
[Full-Disclosure] SQL injection in BroadBoard Instant ASP Message Board, pigrelax, 17:46
Re: Promiscuous email printing in Canon imageRunner, Chip Mefford, 16:45
[Full-Disclosure] HTTP Response Splitting and SQL injection in megabbs forum, pigrelax, 15:35
aspWebCalendar /aspWebAlbum: SQL injection, Pedro Sanches, 15:25
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Atom 'Smasher', 13:44
Example of JPG Exploit & Shellcode, javier falbo, 13:24
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Jeremy Epstein, 04:40
Re:[3] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, advisories, 04:30
RE: Correction to latest Colsaire advisories, advisories, 04:20
RE: New whitepaper "The Phishing Guide", Dehner, Benjamin T., 04:20

September 25, 2004

Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Jose Rey, 21:57
New XSS vulnerabilities in paFileDB 3.1 final, alireza hassani, 21:47
Motorola Wireless Router WR850G Authentication Circumvention, Daniel Fabian, 21:37
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Heikki Korpela, 21:27
Promiscuous email printing in Canon imageRunner, Andrew Daviel, 20:37
NEW GDI+ JPEG Remote Exploit, John Bissell, 20:36
New Macromedia Security Zone Bulletins Postede, Macromedia Security Zone, 20:26
Microsoft's GDI Detetection Tool faults, albatross, 20:16
TSLSA-2004-0049 - apache, Trustix Security Advisor, 19:36
Buffer overflow in Zinf 2.2.1 for Win32, Luigi Auriemma, 19:06
Re: New whitepaper "The Phishing Guide", Seth Arnold, 18:25
Re: Microsoft's GDI Detetection Tool faults, Gadi Evron, 15:04
Re: ICMP spoofed source tunneling, raiblehugo, 14:44
Re: Microsoft's GDI Detetection Tool faults, John Bissell, 13:03

September 24, 2004

Re: ICMP spoofed source tunneling, Tim Newsham, 22:47
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Jaeson Schultz, 19:25
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Jacob Appelbaum, 18:45
MDKSA-2004:101 - Updated webmin packages fix vulnerabilities, Mandrake Linux Security Team, 17:24
Remote buffer overflow in MDaemon IMAP and SMTP server, pigrelax, 16:54
Macromedia Products Not Affected by MS JPEG/GDIPlus Issue, Macromedia Security Zone, 15:33
[CLA-2004:868] Conectiva Security Announcement - apache, Conectiva Updates, 13:12
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Marvin Bellamy, 11:42
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Mike Ely, 10:41
[CLA-2004:866] Conectiva Security Announcement - qt3, Conectiva Updates, 10:21
MDKSA-2004:102 - Updated ImageMagick packages fix arbitray code execution vulnerabilities, Mandrake Linux Security Team, 08:40
Symantec Enterprise Firewall/VPN and Gateway Security 300 Series Appliances Multiple Issues, Sym Security, 08:00
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Rainer Duffner, 06:50
Re: New whitepaper "The Phishing Guide", Aleksandar Milivojevic, 04:39
[Full-Disclosure] [gentoo-announce] [ GLSA 200409-33 ] Apache: Exposure of protected directories, Dan Margolis, 02:58

September 23, 2004

[Full-Disclosure] [ GLSA 200409-32 ] getmail: Filesystem overwrite vulnerability, Sune Kloppenborg Jeppesen, 19:05
Re: ICMP spoofed source tunneling, fenfire, 16:13
[Full-Disclosure] Multiple vulnerabilities in ActivePost Standard 3.1, Luigi Auriemma, 16:13
Re: ICMP spoofed source tunneling, sin, 16:13
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, David Querin, 16:03
MDKSA-2004:100 - Updated mpg123 packages fix vulnerabilities, Mandrake Linux Security Team, 15:43
Re: ICMP spoofed source tunneling, Dave Paris, 15:43
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Barry Fitzgerald, 14:53
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Hollis Johnson, 14:33
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Lorne J. Leitman, 13:22
Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products, Mike Sues, 13:12
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Homer, 13:12
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Craig Paterson, 11:41
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Jay Hennigan, 11:11
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Gene Cronk, 10:51
Possible DoS attack against jabberd 1.4.3 and jadc2s 0.9.0, Matthias Wimmer, 08:40
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, steve menard, 08:00
[Full-Disclosure] [ GLSA 200409-31 ] jabberd 1.x: Denial of Service vulnerability, Sune Kloppenborg Jeppesen, 07:30
Re: ICMP spoofed source tunneling, fenfire, 05:29
New whitepaper "The Phishing Guide", Gunter Ollmann (NGS), 05:19
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Gene Cronk, 04:38
iDEFENSE Security Advisory 09.22.04 - Sophos Small Business Suite Reserved Device Name Handling Vulnerability, customer service mailbox, 03:48
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Polazzo Justin, 03:38
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Jaeson Schultz, 02:45
Pinnacle ShowCenter 1.51 possible DoS, J�r�me, 01:25
[CLA-2004:867] Conectiva Security Announcement - spamassassin, Conectiva Updates, 00:24

September 22, 2004

[Full-Disclosure] [ GLSA 200409-30 ] xine-lib: Multiple vulnerabilities, Thierry Carrez, 18:01
[Full-Disclosure] Remote buffer overflow in MDaemon IMAP and SMTP server, pigrelax, 17:01
RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Polazzo Justin, 15:10
Re: glFTPd local stack buffer overflow, Bloody_A, 11:28
[Full-Disclosure] [ GLSA 200409-29 ] FreeRADIUS: Multiple Denial of Service vulnerabilities, Sune Kloppenborg Jeppesen, 08:16
Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, pressinfo, 04:35

September 21, 2004

Netscape NSS Library Vulnerability Affects Sun Java Enterprise System, J�r�me, 23:33
ICMP spoofed source tunneling, Max Tulyev, 23:03
Re: [Full-Disclosure] RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Valdis . Kletnieks, 22:22
[Full-Disclosure] Pinnacle ShowCenter Skin Denial of Service, Marc Ruef, 21:52
[Full-Disclosure] [ GLSA 200409-28 ] GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities, Thierry Carrez, 19:51
[Full-Disclosure] [ GLSA 200409-27 ] glFTPd: Local buffer overflow vulnerability, Thierry Carrez, 19:01
CA UniCenter Management Portal Username Enumeration Vulnerability, thomas adams, 18:21
[Full-Disclosure] Broadcast crash in Popmessenger 1.60 (before 20 Sep 2004), Luigi Auriemma, 16:30
And More Advanced SQL Injection..., Stefano Di Paola, 13:38
Re: Debian netkit telnetd vulnerability, Solar Designer, 11:16
Multiple Vulnerabilities In EmuLive Server4, GulfTech Security, 11:16
CoD United Offensive boom boom, Luigi Auriemma, 02:23
Re: Mambo Portal lasted version 4.5.1 (1.09) and lower vesion : SQL injection Vulnerability., Tim Broeker, 01:12

September 20, 2004

Re: Posible security bug in phpMyWebhosting, Udo Mueller, 23:42
[Full-Disclosure] [sb] [ GLSA 200409-26 ] Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities, Thierry Carrez, 23:01
Vulnerabilities in TUTOS, Joxean Koret, 22:51
Multiple Full Disclosure Path in postnuke 0.750 phoenix, FAiN182, 22:31
Serious Security Issue in Windows XP SP2's Firewall, Andreas Marx, 22:11
Multiple Full Disclosure Path in postnuke 0.750 phoenix, Jirtme, 22:01
FreeBSD Security Advisory FreeBSD-SA-04:14.cvs, FreeBSD Security Advisories, 21:41
Vulnerabilities in TUTOS, Joxean Koret, 21:31
glFTPd local stack buffer overflow, CoKi, 21:10
[Full-Disclosure] [ GLSA 200409-26 ] Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities, Thierry Carrez, 19:50
[Full-Disclosure] [ GLSA 200409-25 ] CUPS: Denial of service vulnerability, Thierry Carrez, 19:09
[Full-Disclosure] Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Larry Mitchell, 15:47
[Full-Disclosure] RE: [SPAM] - Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access - Email found in subject, Michael Scheidell, 15:27
[Full-Disclosure] [ GLSA 200409-24 ] Foomatic: Arbitrary command execution in foomatic-rip filter, Joshua J. Berry, 14:37
[Full-Disclosure] Default username/password pairs in ON Command CCM 5.x database backend, Jonas Olsson, 14:17
AOL Groups/AIM Information Disclosure, Link Linkovich, 11:15
wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities, Paul Johnston, 08:34

September 19, 2004

[Full-Disclosure] Tool announcement: fakebust, Michal Zalewski, 20:09
Re: [Full-Disclosure] The remote Openssh User-Level-Denial-Of-Service, 3APA3A, 18:08
[Full-Disclosure] Crash in Lords of the Realm III 1.01, Luigi Auriemma, 17:58
[Full-Disclosure] Local root compromise possible with getmail, David Watson, 12:25
[Full-Disclosure] Re: GoogleToolbar:About -- Allows Script Injection, ViPeR, 12:05
[Full-Disclosure] Re: GoogleToolbar:About -- Allows Script Injection, Liu Die Yu, 12:05
[Full-Disclosure] The remote Openssh User-Level-Denial-Of-Service, Alpt, 11:55
Microsoft WordPerfect 5.x Converter Heap Overflow, NGSSoftware Insight Security Research Advisory, 09:44
Re:[2] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, advisories, 09:24
RE: www.proboards.com / YaBB XSS Vuln, GulfTech Security, 09:04
GoogleToolbar:About -- Allows Script Injection, ViPeR, 08:54
RE: JPEG Processing BOF Proof Of Concept, Cassidy Macfarlane, 08:54
Re: www.proboards.com / YaBB XSS Vuln, Patrick Clinger, 08:44
MDKSA-2004:097 - Updated cups packages fix DoS vulnerability, Mandrake Linux Security Team, 03:11
Important message to Bugtraq Subscribers!, Daniel Bertrand, 02:51
ADVISORY: security hole (http response splitting) in snitz forums 2000, Maestro De-Seguridad, 02:41

September 18, 2004

Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, David F. Skoll, 23:49
Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, Greg A. Woods, 21:07
[Full-Disclosure] Debian netkit telnetd vulnerability, Michal Zalewski, 17:44
[Full-Disclosure] RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Michael Scheidell, 17:44
[Full-Disclosure] Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Shawn McMahon, 17:33
[Full-Disclosure] Re: GoogleToolbar:About -- Allows Script Injection, Rafel Ivgi, The-Insider, 17:23
Virus exploits workaround in Windows Mobile/Pocket PC architecture (Includes Source Code), kers0r, 16:32
Sudo Exploit by Rosiello Security, Angelo Rosiello, 16:01
RhinoSoft DNS4ME HTTP Server Vulnerabilities, GulfTech Security, 15:51
Re:[2] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, David F. Skoll, 15:41
Mambo Portal lasted version 4.5.1 (1.09) and lower vesion : SQL injection Vulnerability., khoaimi, 14:50
Re: Multiple Vulnerabilities in phpScheduleIt, Nick Korbel, 14:40
Corsaire Security Advisory - Multiple vendor MIME field whitespace issue, advisories, 14:30
Re: FreeBSD kernel buffer overflow, Tim Newsham, 14:09
[Full-Disclosure] RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Michael Scheidell, 13:49
[Full-Disclosure] RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Michael Scheidell, 13:48
Re: FreeBSD kernel buffer overflow, Wesley Shields, 13:38
[Full-Disclosure] Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Shawn McMahon, 12:57
[Full-Disclosure] Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Chris Norton, 07:53
Corsaire Security Advisory - Multiple vendor MIME RFC2231 encoding issue, advisories, 07:13
MDKSA-2004:095-1 - Updated gdk-pixbuf and gtk+2 packages fix image loading vulnerabilities, Mandrake Linux Security Team, 00:20

September 17, 2004

[Full-Disclosure] Re: [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POCExploit, Clemens, Dan, 23:50
RsyncX vulnerabilities, Matt Johnston, 20:49
RE: [Full-Disclosure] Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, pingywon MCSE, 20:39
[Full-Disclosure] RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Michael Wilson, Contractor, 19:08
[Full-Disclosure] RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Michael Wilson, Contractor, 19:08
[Full-Disclosure] RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Michael Scheidell, 18:17
[Full-Disclosure] RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Michael Scheidell, 17:57
Re: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow, Gary Warner, 17:47
Microsoft WordPerfect 5.x Converter Heap Overflow, NGSSoftware Insight Security Research, 17:17
FreeBSD kernel buffer overflow, gerarra, 17:07
[Full-Disclosure] Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Chris Norton, 16:36
XSA-2004-4: multiple string overflows, Michael Roitzsch, 16:16
XSA-2004-5: heap overflow in DVD subpicture decoder, Michael Roitzsch, 14:15
[Full-Disclosure] ANNOUNCE: VulnDisco RADIUS testsuite v1.2, Evgeny Demidov, 13:35
Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, Borja Marcos, 13:15
iDEFENSE Security Advisory 09.15.04: GNU Radius SNMP String Length Integer Overflow Denial of Service Vulnerability, customer service mailbox, 11:44
[Full-Disclosure] [ GLSA 200409-23 ] SnipSnap: HTTP response splitting, Kurt Lieber, 10:34
wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities, Paul Johnston, 10:34
RE: Correction to latest Colsaire advisories, David Litchfield, 08:53
Re: [Full-Disclosure] [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POC Exploit, Gadi Evron, 08:33
CESA-2004-004: libXpm, chris, 07:32
[Full-Disclosure] [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POC Exploit, admin, 06:32
MDKSA-2004:098 - Updated libxpm4 packages fix libXpm overflow vulnerabilities, Mandrake Linux Security Team, 06:12
JPEG Processing BOF Proof Of Concept, GulfTech Security, 05:22
Re: cdrecord local root exploit, Jason T. Miller, 03:31
www.proboards.com / YaBB XSS Vuln, admin, 02:20
RE: Correction to latest Colsaire advisories, advisories, 01:30
RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow, Angelidis, Fotis(NSASOUDABAY), 01:20
TSLSA-2004-0047 - multi, Trustix Security Advisor, 01:10
RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow, Polazzo Justin, 00:50

September 16, 2004

Re: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow, sheep explode, 22:59
[Full-Disclosure] [ GLSA 200409-22 ] phpGroupWare: XSS vulnerability in wiki module, Kurt Lieber, 19:57
[ANNOUNCE] Apache HTTP Server 2.0.51 Released, Sander Striker, 19:47
[Full-Disclosure] [ GLSA 200409-21 ] Apache 2, mod_dav: Multiple vulnerabilities, Thierry Carrez, 19:07
MDKSA-2004:096 - Updated apache2 packages fix multiple vulnerabilities, Mandrake Linux Security Team, 18:26
[Full-Disclosure] Freeze in Pigeon Server 3.02.0143, Luigi Auriemma, 16:56
MDKSA-2004:094 - Updated printer-drivers packages fix vulnerability in foomatic, Mandrake Linux Security Team, 15:45
[Full-Disclosure] Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Harrison Gladden, 14:04
[Full-Disclosure] FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advsory., Luiz Fernando, 13:54
RE: [Full-Disclosure] Vulnerability in IBM Windows XP: default hi dden Administrator account allows local Administrator access, Stephen Agar, 13:44
RE: [Full-Disclosure] Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, pingywon MCSE, 13:34
[Full-Disclosure] [ GLSA 200409-20 ] mpg123: Buffer overflow vulnerability, Thierry Carrez, 11:33
Re: [Full-Disclosure] Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Colin . Scott, 11:03
[Full-Disclosure] Fwd: Theo's presentation on exploit prevention, Bas Alberts, 09:42
[RLSA_04-2004] QNX crrtrap possible race condition vulnerability, Julio Cesar Fort, 09:32
Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, David F. Skoll, 09:32
[Full-Disclosure] Re: The ArpSucker is b0rn! Be yourself, be the net., H D Moore, 09:22
RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow, Polazzo Justin, 09:01
Re: cdrecord local root exploit, Volker Kuhlmann, 07:51
Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, David Covin, 07:51
SUSE Security Announcement: cups (SUSE-SA:2004:031), Sebastian Krahmer, 07:31
CESA-2004-005: gtk+ XPM decoder, chris, 06:51
[Full-Disclosure] [ GLSA 200409-19 ] Heimdal: ftpd root escalation, Sune Kloppenborg Jeppesen, 06:41
Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow, Nick D., 04:20
Re: [Full-Disclosure] RE: [Bugtraq] McAfee VirusScan Privilege Escalation Vulnerability, bashis, 02:59
MDKSA-2004:095 - Updated gdk-pixbuf packages fix image loading vulnerabilities, Mandrake Linux Security Team, 00:08

September 15, 2004

[Full-Disclosure] RE: [Bugtraq] McAfee VirusScan Privilege Escalation Vulnerability [iDEFENSE], Francis Favorini, 22:25
[Full-Disclosure] Re: Correction to latest Colsaire advisories, Andreas Marx, 22:05
McAfee VirusScan Privilege Escalation Vulnerability [iDEFENSE], J�r�me, 20:34
[Full-Disclosure] Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Michael Scheidell, 20:14
MDKSA-2004:093 - Updated squid packages fix DoS vulnerability, Mandrake Linux Security Team, 19:43
SUSE Security Announcement: apache2 (SUSE-SA:2004:032), Ludwig Nussel, 19:43
[VulnWatch] Php Vulnerability N. 2, Stefano Di Paola, 18:43
[Full-Disclosure] Re: [Bugtraq] McAfee VirusScan Privilege Escalation Vulnerability [iDEFENSE], bashis, 17:32
[VulnWatch] PHP Vulnerability N. 1, Stefano Di Paola, 17:22
[VulnWatch] myServer 0.7 Directory Traversal Vulnerability, Securiteinfo.com, 15:31
New Mozilla, Firefox and Thunderbird releases fix critical security issues, Gaël Delalleau, 15:31
SMC7004VWBR / SMC7008ABR "spoofing" vulnerability., Jimmy Scott, 14:41
ADVISORY: http response splitting in snipsnap, Maestro De-Seguridad, 13:51
Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability, Jirtme, 13:10
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution [MS04-028], J�r�me, 13:00
[Full-Disclosure] SA04-002 - Apache config file env variable buffer overflow, jonas . thambert, 11:39
[Full-Disclosure] Re: The ArpSucker is b0rn! Be yourself, be the net., Gregory Steuck, 09:49
Corsaire Security Advisory - Multiple vendor MIME field quoting issue, advisories, 05:17
Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue, advisories, 05:07
Rainbow tables for LM/NTLMv1 authentication, Hidenobu Seki, 04:46

September 14, 2004

[RLSA_02-2004] QNX Photon multiple buffer overflows, Julio Cesar Fort, 23:44
Inkra 1504GX DoS vulnerability in conducting IP protocol, felix zhou, 20:13
Insecure file permissions in the Firefox browser for Linux >= v0.9, Max, 19:53
[Full-Disclosure] RE: The ArpSucker is b0rn! Be yourself, be the net., Compton, Rich, 19:43
[Full-Disclosure] [ GLSA 200409-17 ] SUS: Local root vulnerability, Sune Kloppenborg Jeppesen, 19:33
[Full-Disclosure] [ GLSA 200409-18 ] cdrtools: Local root vulnerability in cdrecord if set SUID root, Sune Kloppenborg Jeppesen, 19:12
Corsaire Security Advisory - Multiple vendor MIME Content-Transfer-Encoding mechanism issue, advisories, 18:52
Corsaire Security Advisory - Multiple vendor MIME field multiple occurrence issue, advisories, 18:02
[RLSA_03-2004] QNX ftp client format string bug, Julio Cesar Fort, 17:52
[XSS]/SQL Injection PHP-Nuke Edit/Save Message(s) Bug, bima tampan, 17:52
SUS 2.0.2 local root vulnerability, LSS Security, 17:22
Corsaire Security Advisory - Multiple vendor MIME separator issue, advisories, 17:22
QNX crrtrap possible race condition vulnerability, Jirtme, 17:12
Corsaire Security Advisory - Multiple vendor MIME RFC822 comment issue, advisories, 16:51
Zyxel Prestige 681 SDSL router information leak, Przemyslaw Frasunek, 16:41
Re: [Full-Disclosure] Re: The ArpSucker is b0rn! Be yourself, be the net., nirvana, 14:10
Re: [Full-Disclosure] Re: The ArpSucker is b0rn! Be yourself, be the net., Barrie Dempster, 14:00
MDKSA-2004:092 - Updated samba packages fix multiple vulnerabilities, Mandrake Linux Security Team, 12:49
@stake advisory: Pingtel Xpressa Denial of Service, Advisories, 12:39
RE: New Data Wipe Tools, Altheide, Cory B. (IARC), 12:29
TSL-2004-0046 - multi, Trustix Security Advisor, 12:09
RE: Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service, Ron DuFresne, 11:59
Re: cdrecord local root exploit, Sean Davis, 11:49
@stake advisory: Lexar JumpDrive Secure Password Extraction, Chris Wysopal, 11:29
Re: [Full-Disclosure] Re: The ArpSucker is b0rn! Be yourself, be the net., VX Dude, 10:58
Samba nmbd Invalid Length Denial of Service Vulnerability [iDEFENSE], J�r�me, 08:37
[Full-Disclosure] Re: The ArpSucker is b0rn! Be yourself, be the net., Stefan . Laudat, 07:06
[CLA-2004:865] Conectiva Security Announcement - zlib, Conectiva Updates, 06:06
[CLA-2004:864] Conectiva Security Announcement - kde, Conectiva Updates, 05:26
Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service, Wolfpaw - Dale Corse, 04:56
Re: Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service, David S. Miller, 04:35
problem in voip environment, Pasquiet Loic (M.), 04:15
Posible Inclusion File in Perl Desk, Nikyt0x Argentina, 03:55

September 13, 2004

Samba 3.0 DoS Vulberabilities (CAN-2004-0807 & CAN-2004-0808), Gerald (Jerry) Carter, 23:13
Re: Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service, David S. Miller, 21:32
[Full-Disclosure] New Security paper released, shadown, 21:12
Directory Traversal Vulnerability in TwinFTP Server allows overwriting, J�r�me, 20:52
Re: cdrecord local root exploit, Sean Davis, 20:01
[Full-Disclosure] The ArpSucker is b0rn! Be yourself, be the net., Alpt, 19:41
Re: Remote buffer overflow in Apache mod_ssl when reverse proxying SSL, 3APA3A, 19:31
RE: Linux 2.4.27 SECURITY BUG - TCP Local (probable Remote) Denial of Service, Wolfpaw - Dale Corse, 19:11
Re: New Data Wipe Tools, Derek Martin, 18:31
[Full-Disclosure] Correction to latest Colsaire advisories, 3APA3A, 12:07
[Full-Disclosure] [ GLSA 200409-16 ] Samba: Denial of Service vulnerabilities, Sune Kloppenborg Jeppesen, 11:47
F-Secure Internet Gatekeeper Content Scanning Server Denial of Service [iDEFENSE], J�r�me, 07:53

September 12, 2004

[Full-Disclosure] [ GLSA 200409-15 ] Webmin, Usermin: Multiple vulnerabilities in Usermin, Dan Margolis, 17:41
[Full-Disclosure] Gadu-Gadu (all versions with image-send feature) Heap Overflow, Sec-Labs Team, 16:39
SQL-Injection in Subjects 2.0 for Postnuke, Criolabs, 15:58
Serv-U up to 5.2 Denial of Service, Patrick, 15:38
Axis Network Camera and Video Server Security Advisory, product-security, 07:25
Bug XSS in PsNews 1.1, Michal Blaszczak, 07:04
New Data Wipe Tools, Thomas C. Greene, 06:44
cdrecord local root exploit, newbug Tseng, 04:51
Remote buffer overflow in Apache mod_ssl when reverse proxying SSL, J�r�me, 03:39
Re: New Data Wipe Tools, Brendan Murray, 03:19
Re: New Data Wipe Tools, Jake Appelbaum, 03:09
Re: New Data Wipe Tools, Thomas C. Greene, 01:27

September 11, 2004

Multiple vulnerabilities in Icewarp Web Mail 5.2.7, ShineShadow, 16:16
[CLA-2004:860] Conectiva Security Announcement - krb5, Conectiva Updates, 15:15
BlackJumboDog FTP Server version 3.6.1 Buffer Overflow [Exploit included], J�r�me, 02:49
OpenOffice World-Readable Temporary Files Disclose Files to Local Users, J�r�me, 02:29
[CLA-2004:863] Conectiva Security Announcement - wv, Conectiva Updates, 02:19

September 10, 2004

[Full-Disclosure] CAU-EX-2004-0002: cdrecord-suidshell.sh, I)ruid, 14:33
serverview 3.0 - insecure file permissions, Rene, 11:32
[Full-Disclosure] ERRATA: [ GLSA 200409-14 ] Samba: Remote printing non-vulnerability, Sune Kloppenborg Jeppesen, 10:52

September 09, 2004

[Full-Disclosure] Off-by-one bug in Halo 1.04, Luigi Auriemma, 21:44
Multiple vulnerabilities 1n BBS E-Market Professional, Ahmad Muammar, 20:03
MDKSA-2004:091 - Updated cdrecord packages fix local root vulnerability, Mandrake Linux Security Team, 19:13
MDKSA-2004:089 - Updated imlib/imlib2 packages fix BMP crash vulnerability, Mandrake Linux Security Team, 13:40
[XSS]/SQL Injection PHP-Nuke Delete Message(s) Bug, bima tampan, 11:49
Bug XSS in PsNews 1.1, Michal Blaszczak, 08:58
PHP-Nuke 7.4 Multiple XSS Vulnerabilities Patch, Pierquinto Manco, 07:57
Re: Apple, Apple Remote Desktop client [Multiple vulnerabilities], J�r�me, 05:56
Insecure Temporary File Creation Vulnerability in Net-Acct, J�r�me, 05:46
Re: [XSS] PHP-Nuke 7.4 Bugs, Peter Lowe, 05:46
[Full-Disclosure] [ GLSA 200409-14 ] Samba: Remote printing vulnerability, Sune Kloppenborg Jeppesen, 04:46

September 08, 2004

Cerulean Studios Trillian 0.74i Buffer Overflow in MSN module exploit, Jirtme, 22:33
[XSS] PHP-Nuke 7.4 AddMsg Bug, Pierquinto Manco, 20:02
[Full-Disclosure] [ GLSA 200409-13 ] LHa: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 18:11
MDKSA-2004:090 - Updated zlib packages fix DoS vulnerability, Mandrake Linux Security Team, 16:30
Good Patch to Multiple [XSS] Vulnerabilities in PHP-Nuke 7.4, Pierquinto Manco, 07:16
[Full-Disclosure] [ GLSA 200409-12 ] ImageMagick, imlib, imlib2: BMP decoding buffer overflows, Thierry Carrez, 07:06
[XSS] PHP-Nuke 7.4 Newsletter Injection Bug, Pierquinto Manco, 06:46
[SNS Advisory No.77] Usermin Remote Arbitrary Shell Command Execution Vulnerability, snsadv, 01:14
Re: [XSS] PHP-Nuke 7.4 Bugs, Blaine Elzey, 01:03
Re: cdrdao local root exploit, 3APA3A, 00:53
mpg123 buffer overflow vulnerability, Davide Del Vecchio, 00:43
Site News Authentication Error May Let Local Users Add Messages, J�r�me, 00:43

September 07, 2004

[Full-Disclosure] [ GLSA 200409-11 ] star: Suid root vulnerability, Kurt Lieber, 21:42
[Full-Disclosure] Cerulean Studios Trillian 0.74i buffer overflow in MSN module, Komrade, 19:51
[Full-Disclosure] Short Paper on "the warez scene", Andrew Smith, 18:41
Apple, Apple Remote Desktop client, Adam Shostack, 02:44
cdrdao local root exploit, J�r�me, 02:34
[RLSA_01-2004] QNX PPPoEd local root vulnerabilities, Julio Cesar Fort, 02:24
Denial of service in Brocade switches (was: Engenio/LSI Logic controllers denial of service/data corruption), Jedi/Sector One, 02:04
SUSE Security Announcement: apache2 (SUSE-SA:2004:030), Sebastian Krahmer, 01:23

September 06, 2004

[Full-Disclosure] [ GLSA 200409-10 ] multi-gnome-terminal: Information leak, Thierry Carrez, 16:50
[Full-Disclosure] [ GLSA 200409-10 ] multi-gnome-terminal: Information leak, Thierry Carrez, 16:50
Cross-Site Scripting Vulnerability in Newtelligence DasBlog, Dominick Baier, 14:59
Patch available for multiple critical flaws in Oracle, NGSSoftware Insight Security Research, 14:49
FUll Path Disclosure in YABBSE, Ahmad Muammar, 14:29
OpenCA Security Advisory: Cross Site Scripting vulnerability, Martin Bartosch, 13:39
[Full-Disclosure] [ GLSA 200409-09 ] MIT krb5: Multiple vulnerabilities, Thierry Carrez, 06:46

September 05, 2004

[XSS] PHP-Nuke 7.4 DelAdmin Bug, Pierquinto Manco, 16:46
[Full-Disclosure] Broadcast shutdown in Call of Duty 1.4, Luigi Auriemma, 13:23
MITKRB5-SA-2004-002: double-free vulnerabilities, Tom Yu, 06:18
[XSS] PHP-Nuke 7.4 ViewAdmin Bug, Pierquinto Manco, 02:56
Engenio/LSI Logic controllers denial of service/data corruption, Jedi/Sector One, 02:26
FW: [Unpatched] Shell and Drag'n'Drop vulnerabilities, Thor Larholm, 01:26

September 04, 2004

MailWorks Professional - Authentication Bypass, headpimp, 12:31
Kerio Personal Firewall's Application Launch Protection Can Be Disabled by Direct Service Table Restoration, J�r�me, 11:51
RE: CuteNews News.txt writable to world, Albert Puigsech Galicia, 02:06

September 03, 2004

[Full-Disclosure] Finger Google v1.0 released, shadown, 18:03
[Full-Disclosure] [ GLSA 200409-08 ] Ruby: CGI::Session creates files insecurely, Sune Kloppenborg Jeppesen, 17:03
Re: Linux OpenExchange - cleartext rootpw in swap, Joshua Goodall, 15:42
Dynalink routers backdoor?, fabio, 15:32
[Full-Disclosure] [ GLSA 200409-07 ] xv: Buffer overflows in image handling, Sune Kloppenborg Jeppesen, 10:40
[hackgen-2004-#001] - Non-critacal Cross-Site Scripting bug in CuteNews, Exoduks, 09:19
SUSE Security Announcement: zlib (SUSE-SA:2004:029), Thomas Biege, 08:59
[Full-Disclosure] UPDATE: [ GLSA 200408-22 ] Mozilla, Firefox, Thunderbird, Galeon, Epiphany: New releases fix vulnerabilities, Sune Kloppenborg Jeppesen, 07:38
[security bulletin] SSRT3657 rev.3 HP-UX CDE libDtHelp buffer overflow, Boren, Rich (SSRT), 06:08
WinZip Unspecified Buffer Overflows May Let Remote or Local Users Execute Arbitrary Code, Jirtme, 05:27
TSL-2004-0045 - kerberos5, Trustix Security Advisor, 05:27

September 02, 2004

MailWorks Professional - Authentication bypass, headpimp, 21:14
[Full-Disclosure] [ GLSA 200409-06 ] eGroupWare: Multiple XSS vulnerabilities, Sune Kloppenborg Jeppesen, 20:33
Password Protect XSS and SQL-Injection vulnerabilities., Criolabs, 19:53
[Full-Disclosure] [ GLSA 200409-04 ] Squid: Denial of service when using NTLM authentication, Thierry Carrez, 19:43
[Full-Disclosure] [ GLSA 200409-05 ] Gallery: Arbitrary command execution, Sune Kloppenborg Jeppesen, 19:33
[Full-Disclosure] [ GLSA 200409-03 ] Python 2.2: Buffer overflow in getaddrinfo(), Thierry Carrez, 18:42
Re: SUSE Security Announcement: kernel (SUSE-SA:2004:028), Paul Starzetz, 17:12
Re: Linux OpenExchange - cleartext rootpw in swap, Valdis . Kletnieks, 16:41
Exploit: AIM Exploit (Ignore Previous Post), John Bissell, 16:41
MDKSA-2004:088 - Updated krb5 packages fix multiple vulnerabilities, Mandrake Linux Security Team, 16:31
Multiple Vulnerabilities In phpWebsite, GulfTech Security, 16:31
Opera DOS, Stevo, 16:21
SSHD / AnonCVS Nastyness, Dragos Ruiu, 16:11
MSInfo Buffer Overflow, E.Kellinis, 15:00
ADVISORY: http response splitting hole in Comersus shopping cart, Maestro De-Seguridad, 01:54
RE: Security Center and Windows XP clients in domain, David Webster, 01:34
Cross-Site Scripting Vulnerability in Newtelligence DasBlog, Dominick Baier, 01:04

September 01, 2004

[Full-Disclosure] [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server, SHATTER, 22:43
[nisr@nextgenss.com: Patch available for multiple critical flaws in Oracle], David Ahmad, 18:51
RE: Security Center and Windows XP clients in domain, 20040831062712.31317.qmail@www.securityfocus.com, Sym Security, 16:40
Re: Security Center and Windows XP clients in domain, Thor, 15:30
New security tools and papers released, shadown, 15:10
[Full-Disclosure] [ GLSA 200409-01 ] vpopmail: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 15:10
[VulnWatch] Patch available for IBM DB2 Universal Database flaws, NGSSoftware Insight Security Research, 14:59
[Full-Disclosure] [ GLSA 200409-02 ] MySQL: Insecure temporary file creation in mysqlhotcopy, Thierry Carrez, 14:39
SUSE Security Announcement: kernel (SUSE-SA:2004:028), Thomas Biege, 13:29
Multiple Vulnerabilities in phpScheduleIt, Joxean Koret, 05:15
Samba FindNextPrintChangeNotify() Error Lets Remote Authenticated Users Crash smbd, J�r�me, 04:44
Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, J�r�me, 04:14
Re: Linux OpenExchange - cleartext rootpw in swap, Rainer Duffner, 03:54
MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service, Tom Yu, 03:44