Network Security Archives

Bugtraq (date)

[Thread Index] [Top] [All Lists]

January 31, 2005

[Full-Disclosure] Windows Security Checklists - 10 Parts, Paul Laudanski, 21:41
SAME LADY, DIFFERENT HAT: REELY, http-equiv@excite.com , 21:30
MDKSA-2005:025 - Updated clamav packages fix vulnerability, Mandrakelinux Security Team, 19:50
New Whitepaper available on security best practices, Gunter Ollmann, 18:09
Zyxel / Netgear and probably other routers leaking information., Jens Kalvik, 17:58
[PersianHacker.net] Full Path Disclosure and PHP Injection In Pafiledb 3.1 Final, Pedram hayati, 17:48
Re: iDEFENSE Security Advisory 01.24.05: DataRescue Interactive Disassembler Pro Buffer Overflow Vulnerability, dila, 17:28
[Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues, Sune Kloppenborg Jeppesen, 17:28
Re: Winamp Exploit (POC) 5.08 Stack Overflow, Black Dot, 17:18
Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow, Casper . Dik, 16:37
Re[2]: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow, 3APA3A, 16:17
drone armies C&C report - Jan/2005, Gadi Evron, 16:07
Security Bulletin - SSRT4875 rev.1 - HP Tru64 UNIX Java (TM) Technology Software Denial of Service (DoS), Boren, Rich (SSRT), 15:47
WASC-Articles: "The 80/20 Rule for Web Application Security", robert, 15:37

January 30, 2005

[Full-Disclosure] Re: [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability, Paul Laudanski, 22:56
[Full-Disclosure] [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability, Luke Macken, 18:32
[Full-Disclosure] Broadcast crash in Xpand Rally 1.0.0.0, Luigi Auriemma, 17:00
[Full-Disclosure] [ GLSA 200501-44 ] ncpfs: Multiple vulnerabilities, Thierry Carrez, 16:40
[Full-Disclosure] [ GLSA 200501-42 ] VDR: Arbitrary file overwriting issue, Thierry Carrez, 16:40
[Full-Disclosure] [ GLSA 200501-43 ] f2c: Insecure temporary file creation, Thierry Carrez, 16:20
[Full-Disclosure] [ GLSA 200501-41 ] TikiWiki: Arbitrary command execution, Sune Kloppenborg Jeppesen, 05:51

January 29, 2005

XSS in Infinite Mobile Delivery v2.6 Webmail, steven, 19:25
Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow, Lee Dilkie, 17:54
Re: List of all admin accounts in phpBB, Paul Laudanski, 17:04
SquirrelMail Security Advisory, Jonathan Angliss, 16:53
RE: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow, David LeBlanc, 16:43
Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow, Damien Miller, 16:33

January 28, 2005

[Full-Disclosure] [ GLSA 200501-40 ] ngIRCd: Buffer overflow, Thierry Carrez, 19:34
Re: Unrestricted I/O access vulnerability in INCA Gameguard, David Roberts, 19:04
RE: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow, David LeBlanc, 18:44
Winamp Exploit (POC) 5.08 Stack Overflow, Rojodos, 17:03
Multiple vulnerabilities in Icewarp Web Mail 5.3.0: New holes, ShineShadow, 16:23
Re: UEBIMIAU <= 2.7.2 MULTIPLES VULNERABILITIES, pokley, 14:11
WebWasher Classic - HTTP CONNECT weakness, Oliver Karow, 13:51
Multiple vulnerabilities in Alt-N WebAdmin <= 3.0.2, David Alonso Pérez, 13:31
[Full-Disclosure] [ GLSA 200501-39 ] SquirrelMail: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 12:31
[Full-Disclosure] Winamp Exploit (POC) 5.08 Stack Overflow, Rojodos, 10:20
Re: [Full-Disclosure] Re: [ GLSA 200501-36 ] AWStats: Remote codeexecution, morning_wood, 04:47

January 27, 2005

WarFTPD 1.82 RC9 DoS, MC.Iglo, 22:24
MDKSA-2005:024 - Updated evolution packages fix vulnerability, Mandrakelinux Security Team, 19:42
[SECURITY] [DSA 661-1] New f2c packages fix insecure temporary files, Martin Schulze, 19:22
HKLM locking, Vladimir Kraljevic, 18:42
NOVL-2005-10096251 GroupWise WebAccess Error modules loading (report), Ed Reed, 16:11
DMA[2005-0127a] - 'Apple OSX batch family poor use of setuid', KF (Lists), 15:50
UEBIMIAU <= 2.7.2 MULTIPLES VULNERABILITIES, Nash Leon, 15:50
[Full-Disclosure] Re: [ GLSA 200501-36 ] AWStats: Remote code execution, Joao Victor A. Di Stasi, 15:50
[SIG^2 G-TEC] Magic Winmail Server v4.0 Multiple Vulnerabilities, chewkeong, 15:40
Ingate Firewall: Removed PPTP tunnels not deactivated, Per Cederqvist, 15:30
[Contact] Motorola broadband appliance team?, William A. Rowe, Jr., 15:20
[Full-Disclosure] Re: [ GLSA 200501-36 ] AWStats: Remote code execution, Niels Bakker, 14:50
NSFOCUS SA2005-01 : Buffer Overflow in WinAMP in_cdda.dll CDA Device Name, NSFOCUS Security Team, 13:19

January 26, 2005

Re: logwatch and logrotate might create a blind spot in reporting, The Tibetan Traveller, 23:53
[CLA-2005:923] Conectiva Security Announcement - squid, Conectiva Updates, 23:43
Re: List of all admin accounts in phpBB, Aaron Klein, 23:33
Multiple Vulnerabilities in Pocket IE, kers0r, 23:23
MDKSA-2005:021 - Updated tetex packages fix buffer overflow vulnerability, Mandrake Linux Security Team, 23:13
MDKSA-2005:019 - Updated koffice packages fix buffer overflow vulnerability, Mandrake Linux Security Team, 23:02
MDKSA-2005:018 - Updated cups packages fix buffer overflow vulnerability, Mandrake Linux Security Team, 22:52
MDKSA-2005:016 - Updated gpdf packages fix buffer overflow vulnerability, Mandrake Linux Security Team, 22:42
[SECURITY] [DSA 659-1] New libpam-radius-auth packages fix several vulnerabilities, Martin Schulze, 22:32
Black Hat new content on-line & Registration now open for Asia and Europe., Jeff Moss, 22:22
[SECURITY] [DSA 660-1] New kdebase packages fix authentication bypass, Martin Schulze, 21:52
[Full-Disclosure] [ GLSA 200501-38 ] Perl: rmtree and DBI tmpfile vulnerabilities, Thierry Carrez, 18:40
[Full-Disclosure] [ GLSA 200501-37 ] GraphicsMagick: PSD decoding heap overflow, Thierry Carrez, 18:30
[Full-Disclosure] Re: [ GLSA 200501-36 ] AWStats: Remote code execution, Delian Krustev, 18:30
MDKSA-2005:017 - Updated xpdf packages fix buffer overflow vulnerability, Mandrake Linux Security Team, 18:30
DMA[2005-0125a] - 'berlios gpsd format string vulnerability', KF (Lists), 18:10
MDKSA-2005:020 - Updated kdegraphics packages fix buffer overflow vulnerability, Mandrake Linux Security Team, 18:10
List of all admin accounts in phpBB, Predrag Damnjanovic, 17:50
MDKSA-2005:022 - Updated cups packages fix multiple vulnerabilities, Mandrake Linux Security Team, 17:30
[VulnWatch] iDEFENSE Security Advisory 01.26.05: Openswan XAUTH/PAM Buffer Overflow Vulnerability, iDefense Customer Service, 16:29
[Full-Disclosure] UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : x.org possible local socket hijacking, please_reply_to_security, 14:28

January 25, 2005

wifi AP + broadcoast ping, Miroslav Kubik, 21:00
[Full-Disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : wu-ftp local users can bypass access restrictions, please_reply_to_security, 20:30
[Full-Disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : scosessoin local privilege elevation, please_reply_to_security, 19:59
[Full-Disclosure] [ GLSA 200501-36 ] AWStats: Remote code execution, Luke Macken, 18:08
[SECURITY] [DSA 658-1] New libdbi-perl packages fix insecure temporary file, Martin Schulze, 17:08
[CLA-2005:921] Conectiva Security Announcement - xpdf, Conectiva Updates, 16:27
[Full-Disclosure] phpEventCalendar HTML injection, Madelman, 16:17
Re: "Local" and "Remote" considered insufficient, Frank Knobbe, 15:57
Re: ADVISORY: security hole (http response splitting) in snitz forums 2000, Harold Lines, 15:27
Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow, Michael Hampton, 15:17
[Full-Disclosure] [USN-70-1] Perl DBI module vulnerability, Martin Pitt, 14:36
MDKSA-2005:014 - Updated squid packages fix multiple vulnerabilities, Mandrake Linux Security Team, 13:56
MDKSA-2005:015 - Updated mailman packages fix vulnerabilities, Mandrake Linux Security Team, 13:46
Vulnerabilities in eXponent 0.95, Ahmad Muammar, 13:26
[SECURITY] [DSA 655-1] New zhcon packages fix unauthorised file access, Martin Schulze, 13:16
[SECURITY] [DSA 656-1] New vdr packages fix insecure file access, Martin Schulze, 13:06
logwatch and logrotate might create a blind spot in reporting, Sami Pitko, 12:56
[SECURITY] [DSA 657-1] New xine-lib packages fix arbitrary code execution, Martin Schulze, 12:45
MDKSA-2005:013 - Updated ethereal packages fix multiple vulnerabilities, Mandrake Linux Security Team, 01:31

January 24, 2005

English-language version of K-OTik.COM launched today !, K-OTiK Security, 23:29
Multiple vulnerabilities in MercuryBoard 1.1.1, Alberto Trivero, 23:09
MDKSA-2005:012 - Updated zhcon packages fix vulnerability, Mandrake Linux Security Team, 22:28
Portcullis Security Advisory 05-002 Spectrum Cash Receipting System Weak Password Encryption, Paul J Docherty, 21:48
[VulnWatch] iDEFENSE Security Advisory 01.24.05: DataRescue Interactive Disassembler Pro Buffer Overflow Vulnerability, iDefense Customer Service, 19:26
[Full-Disclosure] [ GLSA 200501-35 ] Evolution: Integer overflow in camel-lock-helper, Luke Macken, 19:16
[Full-Disclosure] Local buffer-overflow in W32Dasm 8.93, Luigi Auriemma, 18:16
Re: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS, Anders Langworthy, 18:06
[Full-Disclosure] SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow, 3APA3A, 18:06
RE: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS, Paul Kurczaba, 17:15
[Full-Disclosure] RealPlayer 10.5 Denial of Service and possible Overflow, Carlos Ulver, 13:53
SUSE Security Announcement: Realplayer 8 (SUSE-SA:2005:004), Marcus Meissner, 13:33
Re: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS, Valdis . Kletnieks, 13:33
Re: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS, KF (lists), 13:03
[Full-Disclosure] [ GLSA 200501-34 ] Konversation: Various vulnerabilities, Luke Macken, 12:23
[Full-Disclosure] [USN-69-1] Evolution vulnerability, Martin Pitt, 12:02
[KDE Security Advisory] kpdf Buffer Overflow Vulnerability, Dirk Mueller, 11:22
[Full-Disclosure] New PGP key, Carlos Ulver, 11:22
[Full-Disclosure] [USN-68-1] enscript vulnerabilities, Martin Pitt, 09:41
[Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS, rohit, 08:51

January 23, 2005

[Full-Disclosure] [ GLSA 200501-33 ] MySQL: Insecure temporary file creation, Luke Macken, 19:35
[Full-Disclosure] [ GLSA 200501-32 ] KPdf, KOffice: Stack overflow in included Xpdf code, Sune Kloppenborg Jeppesen, 11:01
[Full-Disclosure] [ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilities, Thierry Carrez, 09:30
[Full-Disclosure] Re: Internet Explorer URL obfuscation., Berend-Jan Wever, 03:07

January 22, 2005

Netscape Overflow., Carlos Ulver, 20:45
Internet Explorer URL obfuscation., Stewart, Graeme, 20:35
Re: Novell GroupWise WebAccess error modules loading, Jonathan Rockway, 20:25
RealVNC Contact, DSGM, 20:15
Security Contact within RIM / Blackberry, Mark Litchfield, 20:05
[sb] [Full-Disclosure] [USN-65-1] Apache utility script vulnerability, Martin Pitt, 20:05
Siteman User Database Line Insertion Vulnerability, shoalie sefid, 19:55
KDE Security Advisory: KOffice PDF Import Filter Vulnerability, Waldo Bastian, 19:24
KDE Security Advisory: Multiple vulnerabilities in Konversation, Waldo Bastian, 19:04
[SECURITY] [DSA 654-1] New enscript packages fix several vulnerabilities, Martin Schulze, 18:44
[SECURITY] [DSA 653-1] New ethereal packages fix buffer overflow, Martin Schulze, 18:34
Re: Various Buffer Overflows in Oracle 10g Tools, David Litchfield, 18:04
Call for DEFCON Capture the Flag Organizers., The Dark Tangent, 17:54
PHRACK #63 CALL FOR PAPERS, rm, 17:44
Re: Advanced Guestbook, Stewart Souter, 17:34
(MS05-002) Cursor and Icon Format Handling Vulnerability (PoC for all affected systems), houseofdabus HOD, 17:23
Mac OS X 10.3 iSync Privilege Escalation, Braden Thomas, 17:13
[Full-Disclosure] [gentoo-announce] [ GLSA 200501-30 ] CUPS: Stack overflow in included Xpdf code, Thierry Carrez, 07:09
bug report comersus Back Office Lite 6.0 and 6.0.1, raf somers, 01:47

January 21, 2005

Various Buffer Overflows in Oracle 10g Tools, Joxean Koret, 22:56
SUSE Security Announcement: kernel local privilege escalation (SUSE-SA:2005:003), Marcus Meissner, 22:05
[Full-Disclosure] [ GLSA 200501-29 ] Mailman: Cross-site scripting vulnerability, Luke Macken, 21:45
[Full-Disclosure] [ GLSA 200501-28 ] Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2, Thierry Carrez, 18:03
[SECURITY] [DSA 652-1] New unarj packages fix several vulnerabilities, Martin Schulze, 17:53
[Full-Disclosure] Arbitrary files overwriting through skins in DivX Player 2.6, Luigi Auriemma, 15:32
[VulnWatch] Microsoft NetDDE Service Unauthenticated Remote Buffer Overflow, NGSSoftware Insight Security Research, 13:31
[Full-Disclosure] [sb] [USN-65-1] Apache utility script vulnerability, Martin Pitt, 01:15
[SECURITY] [DSA 650-1] New sword packages fix arbitrary command execution, Martin Schulze, 00:24

January 20, 2005

God Admin Injection Vulnerability in Siteman 1.0.x, Pedram hayati, 23:34
[SECURITY] [DSA 649-1] New xtrlock packages fix authentication bypass, Martin Schulze, 23:24
STG Security Advisory: [SSA-20050120-22] JSBoard file disclosure vulnerability, advisory, 23:03
STG Security Advisory: [SSA-20050120-24] GForge 3.x directory traversal vulnerability, advisory, 22:53
MDKSA-2005:010 - Updated playmidi packages fix buffer overflow vulnerability, Mandrake Linux Security Team, 22:43
MDKSA-2005:009 - Updated mpg123 packages fix vulnerability, Mandrake Linux Security Team, 22:33
Re: Darwin Kernel Vulnerability, neil, 22:13
[Full-Disclosure] UnixWare 7.1.3 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities, please_reply_to_security, 22:13
Integrigy Security Advisory - High Risk Security Issues in the Oracle Database and Oracle Applications, Integrigy Security, 22:03
MDKSA-2005:011 - Updated xine packages fix multiple vulnerabilities, Mandrake Linux Security Team, 21:53
[VulnWatch] iDEFENSE Security Advisory 01.20.05: 3Com OfficeConnect Wireless 11g AP Information Disclosure Vulnerability, iDefense Customer Service, 21:12
[Full-Disclosure] [ GLSA 200501-27 ] Ethereal: Multiple vulnerabilities, Luke Macken, 20:22
[CLA-2005:920] Conectiva Security Announcement - libtiff3, Conectiva Updates, 20:02
[Full-Disclosure] [ GLSA 200501-26 ] ImageMagick: PSD decoding heap overflow, Sune Kloppenborg Jeppesen, 19:42
[Full-Disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : bind remote attacker can poison the nameserver cache, please_reply_to_security, 17:31
Re: [Full-Disclosure] Re: [ISN] Book Review: Forensic Discovery, j mark, 17:31
[Full-Disclosure] [USN-67-1] Squid vulnerabilities, Martin Pitt, 17:31
[SECURITY] [DSA 651-1] New squid packages fix denial of service, Martin Schulze, 17:01
fkey[v0.0.2]: local/remote file accessibility exploit., Vade 79, 16:10
[Full-Disclosure] [USN-66-1] PHP vulnerabilities, Martin Pitt, 15:00
Microsoft Internet Explorer HTML Help Control Vulnerability Still Exploitable After Patch, Valentin Avram, 14:40
[Full-Disclosure] Re: [ISN] Book Review: Forensic Discovery, Anthony Zboralski, 10:07
[Full-Disclosure] ASH Hashing Algorithm, seasonedpaper, 08:47

January 19, 2005

[SECURITY] [DSA 647-1] New mysql packages fix insecure temporary files, Martin Schulze, 20:52
[SECURITY] [DSA 646-1] New ImageMagick packages fix arbitrary code execution, Martin Schulze, 20:42
[SECURITY] [DSA 645-1] New CUPS packages fix arbitrary code execution, Martin Schulze, 19:11
iDEFENSE Security Advisory 01.19.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities, Michael Sutton, 18:51
RealPlayer 'ShowPreferences' Buffer Overflow Vulnerability (#NISR19012005e), NGSSoftware Insight Security Research, 18:41
Darwin Kernel Vulnerability, nemo, 18:41
Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a), NGSSoftware Insight Security Research, 18:41
RealPlayer Miscellaneous Vulnerabilities (#NISR19012005g), NGSSoftware Insight Security Research, 18:41
RealPlayer Arbitrary File Deletion Vulnerability (#NISR19012005f), NGSSoftware Insight Security Research, 18:41
[VulnWatch] MSN Heartbeat Control Buffer Overflow, NGSSoftware Insight Security Research, 18:40
[Full-Disclosure] Multiple vulnerabilities in Konversation, Wouter Coekaerts, 18:40
[VulnWatch] Multiple vulnerabilities in the AtHoc Toolbar (#NISR19012005c), NGSSoftware Insight Security Research, 18:40
[Full-Disclosure] [USN-65-1] Apache utility script vulnerability, Martin Pitt, 18:40
Re: [security] [Full-Disclosure] Novell GroupWise WebAccess error modules loading, tyron miller, 18:40
[Full-Disclosure] Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations, Markus Kern, 18:40
[Full-Disclosure] [USN-64-1] xpdf, CUPS vulnerabilities, Martin Pitt, 18:40
Re: [Full-Disclosure] grsecurity 2.1.0 release / 5 Linux kernel advisories, Marcus Meissner, 18:40
SyScAN'05 CFP, organiser@syscan.org, 18:40
[Full-Disclosure] Re: [bugtraq] Novell GroupWise WebAccess error modules loading, Pete Connolly, 18:40
Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations, Markus Kern, 18:40
PeteFinnigan.com - Oracle security advisory, Pete Finnigan, 18:39
[VulnWatch] iDEFENSE Security Advisory 01.18.05 - Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow, customer service mailbox, 18:39
[Full-Disclosure] Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations, Berend-Jan Wever, 18:39
Unrestricted I/O access vulnerability in INCA Gameguard, Ryu Connor, 18:39
UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : chroot A known exploit can break a chroot prison., please_reply_to_security, 18:39
Re: [Full-Disclosure] Shoe 1.0 - Remote Lace Overflow, Thomas Sutpen, 18:39
IE HHCTRL exploit still usable even after patch, Valentin Avram, 18:39
[SECURITY] [DSA 643-1] New queue packages fix buffer overflows, Martin Schulze, 18:39
[Full-Disclosure] [USN-62-1] imagemagick vulnerability, Martin Pitt, 18:39
[Full-Disclosure] [USN-61-1] vim vulnerabilities, Martin Pitt, 18:39
[Full-Disclosure] [USN-63-1] MySQL client vulnerability, Martin Pitt, 18:39
[Full-Disclosure] Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations, Thierry Zoller, 18:39
[VulnWatch] Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i, NGSSoftware Insight Security Research, 18:39
[SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution, Martin Schulze, 18:39
Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i, NGSSoftware Insight Security Research, 18:39
Multiple Vulnerabilities in Netgear FVS318 Router, Paul Kurczaba, 18:38
[SIG^2 G-TEC] NodeManager Professional V2.00 Buffer Overflow Vulnerability, chewkeong, 18:38
MDKSA-2005:008 - Updated cups packages fix multiple vulnerabilities, Mandrake Linux Security Team, 18:38
[Full-Disclosure] Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations, Rafel Ivgi, The-Insider, 18:38
[Full-Disclosure] Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability, Rafel Ivgi, The-Insider, 18:38
[VulnWatch] iDEFENSE Security Advisory 01.17.05: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability, customer service mailbox, 18:38
SUSE Security Announcement: php4/mod_php4 (SUSE-SA:2005:002), Ludwig Nussel, 18:38
[SECURITY] [DSA 642-1] New gallery packages fix several vulnerabilities, Martin Schulze, 18:38
[SECURITY] [DSA 641-1] New playmidi packages fix local root exploit, Martin Schulze, 18:38
[SECURITY] [DSA 640-1] New gatos packages fix arbitrary code execution, Martin Schulze, 18:38
[Full-Disclosure] Novell GroupWise WebAccess error modules loading, Marc Ruef, 18:38
[Full-Disclosure] Netegrity SiteMinder smpwservicescgi.exe target specification, Marc Ruef, 18:38
[Full-Disclosure] [gentoo-announce] [ GLSA 200501-25 ] Squid: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 18:37
[Full-Disclosure] phpGiftReq SQL Injection, Madelman, 18:37
[Full-Disclosure] Minis directory traversal vulnerability, Madelman, 18:37
exim dns_buld_reverse() proof-of-concept, Rafael San Miguel Carrasco, 18:37
Apple Airport WDS DoS, Dylan Griffiths, 18:37
RE: Various Vulnerabilities in SparkleBlog, Alan W. Rateliff, II, 18:37
iDefense iTunes advisory., nemo, 18:37
Various Vulnerabilities in SparkleBlog, Kovács László, 18:37
Re: rssh and scponly arbitrary command execution, Derek Martin, 18:37
[Full-Disclosure] Various Vulnerabilities in SparkleBlog, Kovács László, 18:37
[Full-Disclosure] XSS in the nested BB tag in many forum, pigrelax, 18:37
[SECURITY] [DSA 639-1] New mc packages fix several vulnerabilities, Martin Schulze, 18:36
Re: Multiple Firewall Products Bypass Vulnerability, Ansgar -59cobalt- Wiechers, 18:36
new tool : the first remote PHP vulnerability scanner, bad boy, 18:36
Re: Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack, shadown, 18:36
Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerability, Trog, 18:36
MDKSA-2005:005 - Updated nfs-utils packages fix 64bit vulnerability, Mandrake Linux Security Team, 18:36
[VulnWatch] iDEFENSE Security Advisory 01.14.05: Exim dns_buld_reverse() Buffer Overflow Vulnerability, customer service mailbox, 18:36
Re: Is DEP easily evadable?, Ben Pfaff, 18:36
Paper: How to exploit overflow vulnerability under Fedora Core 2, vangelis vangelis, 18:36
XSS Vulnerability in Siteman v1.1.9, Pedram hayati, 18:36
Re: Is DEP easily evadable?, John Richard Moser, 18:36
[CLA-2005:918] Conectiva Security Announcement - twiki, Conectiva Updates, 18:36
[VulnWatch] iDEFENSE Security Advisory 01.13.05: SGI IRIX inpview Design Error Vulnerability, customer service mailbox, 18:35
[VulnWatch] iDEFENSE Security Advisory 01.13.05: MySQL MaxDB WebAgent websql logon Buffer Overflow Vulnerability, customer service mailbox, 18:35
[Full-Disclosure] [USN-60-0] Linux kernel vulnerabilities, Martin Pitt, 18:35
[Full-Disclosure] Internet Explorer valid JavaScript-file successfull load detection local file enumeration, Berend-Jan Wever, 18:35
[Full-Disclosure] Internet Explorer (SP2) - Remote File Download Information Bar Bypass, Rafel Ivgi, The-Insider, 18:35
[Full-Disclosure] [gentoo-announce] [ GLSA 200501-24 ] tnftp: Arbitrary file overwriting, Luke Macken, 18:35
STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities, advisory, 18:35
iDEFENSE Security Advisory 01.13.05 - Apple iTunes Playlist Parsing Buffer Overflow Vulnerability, customer service mailbox, 18:35
Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack, Hammud_Saway, 18:35
MDKSA-2005:007 - Updated imlib packages fix vulnerability, Mandrake Linux Security Team, 18:35
SB2005002: pron to bypass APF checking uid(0) routine, x90c, 18:35
[Full-Disclosure] Server crash in Breed patch #1, Luigi Auriemma, 18:35
Re: Is DEP easily evadable?, Ben Pfaff, 18:35
MDKSA-2005:006 - Updated hylafax packages fix vulnerability, Mandrake Linux Security Team, 18:35
Re: Is DEP easily evadable?, John Richard Moser, 18:35
Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack, CIRT Advisory, 18:35
Re: Is DEP easily evadable?, Florian Weimer, 18:35
IE issue with percent 20, RSnake, 18:35
TSLSA-2005-0001 - multi, Trustix Security Advisor, 18:35
Cross Site Scripting holes found in Horde 3.0, Hyperdose Security, 18:35
[CLA-2005:917] Conectiva Security Announcement - krb5, Conectiva Updates, 18:34
[Full-Disclosure] (no subject), The Insider, 18:34
XSS Vulnerability in ForumKIT, tom cruise, 18:34
[CLA-2005:916] Conectiva Security Announcement - ethereal, Conectiva Updates, 18:34
[SECURITY] [DSA 637-1] New exim-tls packages fix arbitrary code execution, Martin Schulze, 18:34
[CLA-2005:915] Conectiva Security Announcement - php4, Conectiva Updates, 18:34
[SECURITY] [DSA 638-1] New gopher packages fix several vulnerabilities, Martin Schulze, 18:34
RE: [Full-Disclosure] MORE CRITICAL FLAWS IN MS WINDOWS EXPLORER, ALD, Aditya, Aditya Lalit Deshmukh, 18:34
[Full-Disclosure] InternetExploiter 3.2, Berend-Jan Wever, 18:34
RE: [Full-Disclosure] MORE CRITICAL FLAWS IN MS WINDOWS EXPLORER, Paul Kurczaba, 18:34
[waraxe-2005-SA#039] - Critical Sql Injection in Sgallery module for PhpNuke, Janek Vind, 18:34
Windows ANI File Parsing Proof Of Concept (MS05-002), assaf404, 18:34
Is DEP easily evadable?, John Richard Moser, 18:34
[ GLSA 200501-23 ] Exim: Two buffer overflows, Matthias Geerdsen, 18:34
[SECURITY] [DSA 636-1] New libc6 packages fix insecure temporary files, Martin Schulze, 18:34
[SECURITY] [DSA 635-1] New exim packages fix arbitrary code execution, Martin Schulze, 18:33
Security Advisory: BiTBOARD xss, Martin Heistermann, 18:33
Arkeia Possible remote root & information leakage, Maciej Bogucki, 18:33
Linux kernel i386 SMP page fault handler privilege escalation, Paul Starzetz, 18:33
[Full-Disclosure] MailMonitor for Exchange has processed a suspicious mail, MailMonitor, 18:33
[Full-Disclosure] (no subject), Berend-Jan Wever, 18:33
[Full-Disclosure] UPDATE: [ GLSA 200412-25 ] CUPS: Multiple vulnerabilities, Thierry Carrez, 18:33
RE: [Full-Disclosure] MORE CRITICAL FLAWS IN MS WINDOWS EXPLORER, ALD, Aditya, Aditya Lalit Deshmukh, 18:33
[Full-Disclosure] TFTPD32 Long FileName Remote Denial of Service, Sowhat ., 18:33
RE: [Full-Disclosure] MORE CRITICAL FLAWS IN MS WINDOWS EXPLORER, Paul Kurczaba, 18:32
Re: [Full-Disclosure] MORE CRITICAL FLAWS IN MS WINDOWS EXPLORER, Andrew Farmer, 18:32
Portcullis Security Advisory 05-008, Paul J Docherty, 18:32
WMV (Windows Media Player) trojan in wild, Marc Bejarano, 18:32
Squirrelmail vacation v0.15 local root exploit, LSS Security, 18:32
[Full-Disclosure] UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : mountd remote denial of service, please_reply_to_security, 18:32
Re: The Misuse of RC4 in Microsoft Word and Excel, Brendan Dolan-Gavitt, 18:32
[NILESA-20050101]: Denial of Service vulnerability due to the mountd bug, Jonglim Yun, 18:32
Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerability, Darren Bounds, 18:32
Re: DSL- Router Teledat 530 DoS, Stefan S., 18:32
[Full-Disclosure] MORE CRITICAL FLAWS IN MS WINDOWS EXPLORER, Team Pwnge, 18:32
IlohaMail Insecure Configuration Files, wang, 18:32
Fwd: APPLE-SA-2005-01-11 iTunes 4.7.1, David Ahmad, 18:32
Security Contact for Nokia Mobile phone softwares, rohit, 18:32
Portcullis Security Advisory 05-009, Paul J Docherty, 18:32
Woltlab Burning Book addentry.php SQL Injection, Martin Heistermann, 18:32
Apache mod_auth_radius remote integer overflow, LSS Security, 18:32
Metasploit Framework v2.3, H D Moore, 18:32
Portcullis Security Advisory 05-004, Paul J Docherty, 18:32
[SECURITY] [DSA 633-1] New bmv package fixes insecure temporary file creation, Martin Schulze, 18:32
Portcullis Security Advisory 05-003, Paul J Docherty, 18:32

January 11, 2005

Portcullis Security Advisory 05-006, Paul J Docherty, 17:35
Mod_dosevasive symlink and race vulnerability, LSS Security, 17:25
Portcullis Security Advisory 05-007, Paul J Docherty, 17:25
[Full-Disclosure] Re: Firespoofing [Firefox 1.0], Pavel Kankovsky, 17:25
[Full-Disclosure] [ GLSA 200501-22 ] poppassd_pam: Unauthorized password changing, Thierry Carrez, 17:15
Portcullis Security Advisory 05-005, Paul J Docherty, 17:15
Portcullis Security Advisory 05-001, Paul J Docherty, 17:15
Portcullis Security Advisory 05-010, Paul J Docherty, 16:45
Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerability, Danny, 16:34
VERITAS Backup Exec 8.x/9.x Remote Universal Exploit, class 101, 16:34
EEYE: Windows ANI File Parsing Buffer Overflow, Derek Soeder, 16:24
applicable exploit for winxp-sp2-uptodate Internet Explorer, Liu Die Yu, 16:14
HylaFAX hfaxd unauthorized login vulnerability, Lee Howard, 16:04
The Misuse of RC4 in Microsoft Word and Excel, Hongjun Wu, 16:04
UPDATED: the insider exploit( = the latest ie 0day which involves SHOWMODALDIALOG), Liu Die Yu, 15:44
Multi-vendor AV gateway image inspection bypass vulnerability, Darren Bounds, 15:44
[SECURITY] [DSA 634-1] New hylafax packages fix unauthorised access, Martin Schulze, 15:34
[Full-Disclosure] [ GLSA 200501-21 ] HylaFAX: hfaxd unauthorized login vulnerability, Thierry Carrez, 14:13
[Full-Disclosure] [gentoo-announce] [ GLSA 200501-20 ] o3read: Buffer overflow during file conversion, Thierry Carrez, 13:53
[Full-Disclosure] [ GLSA 200501-19 ] imlib2: Buffer overflows in image decoding, Dan Margolis, 13:23
Re: [Full-Disclosure] Shoe 1.0 - Remote Lace Overflow, stonersavant, 12:53
RE: [Full-Disclosure] Firespoofing [Firefox 1.0], Soderland, Craig, 12:22
[Full-Disclosure] [gentoo-announce] [ GLSA 200501-18 ] KDE FTP KIOslave: Command injection, Sune Kloppenborg Jeppesen, 11:42
[Full-Disclosure] [ GLSA 200501-16 ] Konqueror: Java sandbox vulnerabilities, Sune Kloppenborg Jeppesen, 10:52
[Full-Disclosure] [ GLSA 200501-17 ] KPdf, KOffice: More vulnerabilities in included Xpdf, Sune Kloppenborg Jeppesen, 10:42
[Full-Disclosure] VERITAS Backup Exec 8.x/9.x Remote Universal Exploit, class 101, 09:11
RE: [Full-Disclosure] UPDATED: the insider exploit( = the latest ie0day which involves SHOWMODALDIALOG), Ferruh Mavituna, 08:21
RE: [Full-Disclosure] UPDATED: the insider exploit( = the latest ie 0day which involves SHOWMODALDIALOG), Rafel Ivgi, The-Insider, 06:20

January 10, 2005

[Full-Disclosure] [ GLSA 200501-14 ] mpg123: Buffer overflow, Dan Margolis, 21:46
[Full-Disclosure] [ GLSA 200501-15 ] UnRTF: Buffer overflow, Dan Margolis, 21:36
[Full-Disclosure] Firespoofing [Firefox 1.0], mikx, 20:56
[Full-Disclosure] [AppSecInc Team SHATTER Security Advisory] Microsoft Windows LPC heap overflow, Team SHATTER (Application Security, Inc.), 19:55
[Full-Disclosure] [AppSecInc Team SHATTER Security Advisory] Microsoft Windows Improper Token Validation, Team SHATTER (Application Security, Inc.), 19:55
[Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerability, Darren Bounds, 18:15
[Full-Disclosure] [USN-59-1] mailman vulnerabilities, Martin Pitt, 16:24
SQL Injection Vulnerability in Invision Community Blog, darkhawk matrix, 15:54
[Full-Disclosure] UPDATED: the insider exploit( = the latest ie 0day which involves SHOWMODALDIALOG), Liu Die Yu, 15:33
[SECURITY] [DSA 631-1] New kdlibs packages fix arbitrary FTP command execution, Martin Schulze, 15:23
[Full-Disclosure] applicable exploit for winxp-sp2-uptodate Internet Explorer, Liu Die Yu, 15:13
[SECURITY] [DSA 632-1] New linpopup packages fix arbitrary code execution, Martin Schulze, 15:03
SUSE Security Announcement: libtiff/tiff (SUSE-SA:2005:001), Thomas Biege, 14:23
[Full-Disclosure] Encrypted Messenger DoS Vulnerability, Adam Baldwin, 14:03
[SECURITY] [DSA 630-1] New lintian packages fix insecure temporary directory, Martin Schulze, 13:43
Security Advisory: Woltlab Burning Board Lite formmail.php XSS, Martin Heistermann, 13:32
[Full-Disclosure] [USN-58-1] MIT Kerberos server vulnerability, Martin Pitt, 11:21
[Full-Disclosure] [ GLSA 200501-13 ] pdftohtml: Vulnerabilities in included Xpdf, Thierry Carrez, 06:46
[Full-Disclosure] [ GLSA 200501-12 ] TikiWiki: Arbitrary command execution, Matthias Geerdsen, 06:25

January 09, 2005

Re: [Full-Disclosure] Re: Bluetooth: BlueSnarf and BlueBug Full Disclusore, Scott Renna, 21:45
[Full-Disclosure] Re: Bluetooth: BlueSnarf and BlueBug Full Disclusore, Eric Detoisien, 20:13
[Full-Disclosure] [ GLSA 200501-11 ] Dillo: Format string vulnerability, Thierry Carrez, 19:22
[Full-Disclosure] [USN-57-1] Linux kernel vulnerabilities, Martin Pitt, 10:02

January 07, 2005

[Full-Disclosure] Outsch... Sorry..., Stefan Esser, 22:52
[Full-Disclosure] Kindergarten on vacation (was: Obvious fake mail...), Stefan Esser, 22:22
iDEFENSE Security Advisory [IDEF0731] Exim auth_spa_server() Buffer Overflow Vulnerability, customer service mailbox, 22:02
Troj/Winser-A malware analysis, Steve Friedl, 21:11
iDEFENSE Security Advisory [IDEF0725] Exim host_aton() Buffer Overflow Vulnerability, customer service mailbox, 19:51
Linux kernel uselib() privilege elevation, corrected, Paul Starzetz, 19:00
[Full-Disclosure] Re: grsecurity 2.1.0 release / 5 Linux kernel advisories, Greg Ahmad, 17:50
[SECURITY] [DSA 629-1] New kerberos packages fix arbitrary code execution, Martin Schulze, 17:40
Mozilla XBM Image Vulnerability, Luca Ercoli, 16:49
grsecurity 2.1.0 release / 5 Linux kernel advisories, Brad Spengler, 15:38
grsecurity 2.1.0 release / 5 Linux kernel advisories, Brad Spengler, 15:28
[Full-Disclosure] Linux kernel uselib() privilege elevation, corrected, Paul Starzetz, 14:07
[Full-Disclosure] [USN-56-1] exim4 vulnerabilities, Martin Pitt, 13:37
[Full-Disclosure] [iSEC] [Dailydave] Advisory 1/2005 - Linux Kernel arbitrary code execution (fwd), Paul Starzetz, 13:26
[Full-Disclosure] Linux kernel sys_uselib local root vulnerability, Paul Starzetz, 13:06
[Full-Disclosure] Simple PHP Blog directory traversal vulnerability, Madelman, 12:56
RE: [Full-Disclosure] WinHKI - ARC File Extraction of 1KB to 1.56GB, ALD, Aditya, Aditya Lalit Deshmukh, 12:16
[Full-Disclosure] WinHKI BH File Incorrect Filename Handeling Leads to 100 CPU%, Rafel Ivgi, The-Insider, 02:22

January 06, 2005

[Full-Disclosure] Again: zone transfers, a spammer's dream?, Ralf Glauberman, 23:51
[Full-Disclosure] Re: *nix data wipe tools, Pavel Machek, 23:00
Re: [Full-Disclosure] AOL website redirection scripts allow for abuse, morning_wood, 22:40
Re: [Full-Disclosure] Heap overflow in Mozilla Browser <= 1.7.3 NNTP code., Michal Zalewski, 22:00
Re: [Full-Disclosure] Re: New Santy-Worm attacks *all* PHP-skripts, Steve Wray, 21:30
[Full-Disclosure] WinHKI - ARC File Extraction of 1KB to 1.56GB, Rafel Ivgi, The-Insider, 20:59
Re: [Full-Disclosure] Re: New Santy-Worm attacks *all* PHP-skripts, Raistlin, 20:49
Santy and SSL, Ofer Shezaf, 20:39
WinAc AND WinHKI ZIP File Directory Transversal, Rafel Ivgi, The-Insider, 20:19
[Full-Disclosure] Re: Microsoft Windows LoadImage API IntegerBuffer overflow, Berend-Jan Wever, 19:48
[Full-Disclosure] [ GLSA 200501-09 ] xzgv: Multiple overflows, Thierry Carrez, 19:38
MDKSA-2005:004 - Updated nasm packages fix buffer overflow vulnerability, Mandrake Linux Security Team, 19:28
MDKSA-2005:003 - Updated vim packages fix modeline vulnerabilities, Mandrake Linux Security Team, 19:18
[Full-Disclosure] [ GLSA 200501-10 ] Vilistextum: Buffer overflow vulnerability, Thierry Carrez, 19:08
MDKSA-2005:002 - Updated wxGTK2 packages fix vulnerabilities, Mandrake Linux Security Team, 19:08
[Full-Disclosure] [ GLSA 200501-08 ] phpGroupWare: Various vulnerabilities, Luke Macken, 18:58
re: All Symantec Products All Versions Until 2005 - Remote Stack Buffer Overflow, Sym Security, 18:48
MDKSA-2005:001 - Updated libtiff packages fix multiple vulnerabilities, Mandrake Linux Security Team, 18:48
[VulnWatch] WinAce - GZIP File Directory Transversal, Rafel Ivgi, The-Insider, 18:07
[Full-Disclosure] Re: Again: zone transfers, a spammer's dream?, Bruno Wolff III, 18:07
Re: [Full-Disclosure] YET AGAIN Automatic remote compromise of InternetExplorer Service Pack 2 XP SP2, Berend-Jan Wever, 17:47
Re: [Full-Disclosure] Shoe 1.0 - Remote Lace Overflow, Nancy Kramer, 17:07
[CLA-2005:913] Conectiva Security Announcement - samba, Conectiva Updates, 16:36
[ GLSA 200501-07 ] xine-lib: Multiple overflows, Thierry Carrez, 16:06
[USN-55-1] imlib2 vulnerabilities, Martin Pitt, 15:56
[USN-54-1] TIFF library tool vulnerability, Martin Pitt, 15:46
Socket unreacheable in Amp II engine, Luigi Auriemma, 15:36
[VulnWatch] WinHKI - CAB File Directory Transversal, Rafel Ivgi, The-Insider, 15:26
RE: All Symantec Products All Versions Until 2005 - Remote Stack Buffer Overflow, Polazzo Justin, 15:06
[SECURITY] [DSA 628-1] New imlib2 packages fix arbitrary code execution, Martin Schulze, 14:45
[SECURITY] [DSA 626-1] New tiff packages fix denial of service, Martin Schulze, 14:35
[SECURITY] [DSA 627-1] New namazu2 packages fix cross-site scripting vulnerability, Martin Schulze, 14:35
RE: Paper: SQL Injection Attacks by Example, Sergey Chernyshev, 14:15
[VulnWatch] WinHKI - BH File Directory Transversal, Rafel Ivgi, The-Insider, 14:05
[VulnWatch] WinHKI - LHA File Incorrect Filename Handeling Leads to Crash/Underflow, Rafel Ivgi, The-Insider, 12:44
Re: [Full-Disclosure] New Santy-Worm attacks *all* PHP-skripts, morning_wood, 10:03
[Full-Disclosure] WinAce & WinHKI - ZIP File Directory Transversal, Rafel Ivgi, The-Insider, 08:21
[Full-Disclosure] All Symantec Products All Versions Until 2005 - Remote Stack Buffer Overflow, Rafel Ivgi, The-Insider, 07:00

January 05, 2005

[VulnWatch] IBM DB2 XML functions file creation vulnerabilities (#NISR05012005I), NGSSoftware Insight Security Research, 23:44
[VulnWatch] IBM DB2 XML functions overflows (#NISR05012005H), NGSSoftware Insight Security Research, 22:54
[VulnWatch] IBM DB2 to_char and to_date Denial Of Service (#NISR05012005G), NGSSoftware Insight Security Research, 22:04
[VulnWatch] IBM DB2 Windows Permission Problems (#NISR05012005F), NGSSoftware Insight Security Research, 21:23
[VulnWatch] IBM DB2 SATADMIN.SATENCRYPT buffer overflow (#NISR05012005E), NGSSoftware Insight Security Research, 20:13
RE: Paper: SQL Injection Attacks by Example, Scovetta, Michael V, 20:03
[ GLSA 200501-06 ] tiff: New overflows in image decoding, Thierry Carrez, 19:53
[ GLSA 200501-05 ] mit-krb5: Heap overflow in libkadm5srv, Sune Kloppenborg Jeppesen, 19:42
RE: Paper: SQL Injection Attacks by Example, David Litchfield, 19:32
Re: Paper: SQL Injection Attacks by Example, Cory Foy, 19:22
[VulnWatch] IBM DB2 JDBC Applet Server buffer overflow (#NISR05012005D), NGSSoftware Insight Security Research, 19:12
RE: Paper: SQL Injection Attacks by Example, Michael Silk, 19:12
Re: Paper: SQL Injection Attacks by Example, Chip Andrews, 19:12
[VulnWatch] IBM DB2 call buffer overflow (#NISR05012005C), NGSSoftware Insight Security Research, 18:11
RE: Paper: SQL Injection Attacks by Example, Scovetta, Michael V, 17:51
IBM DB2 XML functions file creation vulnerabilities (#NISR05012005I), NGSSoftware Insight Security Research, 17:21
[VulnWatch] IBM DB2 libdb2.so buffer overflow (#NISR05012005B), NGSSoftware Insight Security Research, 17:21
IBM DB2 XML functions overflows (#NISR05012005H), NGSSoftware Insight Security Research, 17:11
RE: Paper: SQL Injection Attacks by Example, David Litchfield, 17:11
IBM DB2 to_char and to_date Denial Of Service (#NISR05012005G), NGSSoftware Insight Security Research, 17:01
IBM DB2 Windows Permission Problems (#NISR05012005F), NGSSoftware Insight Security Research, 16:51
IBM DB2 SATADMIN.SATENCRYPT buffer overflow (#NISR05012005E), NGSSoftware Insight Security Research, 16:40
IBM DB2 JDBC Applet Server buffer overflow (#NISR05012005D), NGSSoftware Insight Security Research, 16:20
[VulnWatch] IBM DB2 db2fmp buffer overflow (#NISR05012005A), NGSSoftware Insight Security Research, 16:20
IBM DB2 call buffer overflow (#NISR05012005C), NGSSoftware Insight Security Research, 16:10
IBM DB2 libdb2.so buffer overflow (#NISR05012005B), NGSSoftware Insight Security Research, 16:00
IBM DB2 db2fmp buffer overflow (#NISR05012005A), NGSSoftware Insight Security Research, 15:49
Paper: SQL Injection Attacks by Example, Steve Friedl, 15:49
DMA[2005-0103a] - 'William LeFebvre "top" format string vulnerability', KF (Lists), 15:29
[SECURITY] [DSA 625-1] New pcal packages fix arbitrary code execution, Martin Schulze, 15:09
firewall 1.4, TJ Easter, 14:48
[ GLSA 200501-04 ] Shoutcast Server: Remote code execution, Luke Macken, 14:28
[CLA-2005:910] Conectiva Security Announcement - mplayer, Conectiva Updates, 13:37
[SECURITY] [DSA 624-1] New zip packages fix arbitrary code execution, Martin Schulze, 13:27
[Full-Disclosure] [ GLSA 200501-03 ] Mozilla, Firefox, Thunderbird: Various vulnerabilities, Thierry Carrez, 09:25
[Full-Disclosure] Re: New Santy-Worm attacks *all* PHP-skripts, Paul Laudanski, 03:23
[Full-Disclosure] Re: New Santy-Worm attacks *all* PHP-skripts, Pekka Savola, 01:42
[Full-Disclosure] New Santy-Worm attacks *all* PHP-skripts, Juergen Schmidt, 01:12

January 04, 2005

[Full-Disclosure] [ GLSA 200501-01 ] LinPopUp: Buffer overflow in message reply, Thierry Carrez, 22:21
[Full-Disclosure] [ GLSA 200501-02 ] a2ps: Insecure temporary files handling, Thierry Carrez, 20:50
QWikiwiki directory traversal vulnerability, Madelman, 17:09
Socket termination, format string and XSS in Soldner Secret Wars 30830, Luigi Auriemma, 16:28
MyBB SQL Injection, scottm, 16:18
[KDE Security Advisory] ftp kioslave command injection, Dirk Mueller, 16:08
Re: [Full-Disclosure] Microsoft Windows BMP file buffer overflow, SysAdminKC, 15:48
[Full-Disclosure] Re: Bluetooth: BlueSnarf and BlueBug Full Disclusore, Przemyslaw Frasunek, 15:38
Multiple PhotoPost Pro Vulnerabilities, GulfTech Security, 15:18
Serious Vulnerabilities In PhotoPost ReviewPost, GulfTech Security, 14:17
[SECURITY] [DSA 623-1] New nasm packages fix arbitrary code execution, Martin Schulze, 14:07
3Com 3CDaemon Multiple Vulnerabilities, Sowhat ., 13:57

January 03, 2005

[Full-Disclosure] Multiple Firewall Products Bypass Vulnerability, Ferruh Mavituna, 21:10
[Full-Disclosure] Microsoft Windows BMP file buffer overflow, Chenghuai Lu, 20:00
Multiple Firewall Products Bypass Vulnerability, Ferruh Mavituna, 18:29
Multiple Vulnerabilities in FlatNuke, Pierquinto Manco, 16:28
STG Security Advisory: [SSA-20041224-21] File extensions restriction bypass vulnerability in GNUBoard, advisory, 15:37
Remote DoS in GFI MailEssentials due to a bug in Microsoft HTML parser, Peter Kruse, 15:17
[SECURITY] [DSA 622-1] New htmlheadline package fixes insecure temporary files, Martin Schulze, 15:07
Re: [Full-Disclosure] YEY AGAIN Automatic remote compromise of InternetExplorer Service Pack 2 XP SP2, morning_wood, 07:44
[Full-Disclosure] New Santy-Worm attacks *all* PHP-skripts, Gary E. Miller, 06:43
[Full-Disclosure] Re: New Santy-Worm attacks *all* PHP-skripts, Paul Laudanski, 06:23
[Full-Disclosure] BUG FIX Remote compromise of Internet Explorer Service Pack 2 XP SP2, Michael Evanchik, 06:23
[Full-Disclosure] Re: New Santy-Worm attacks *all* PHP-skripts, Raistlin, 06:23

January 01, 2005

Two Vulnerabilities in ViewCVS, Joxean Koret, 19:34
Cross Site Scripting Vulnerabilities and Possible Code Execution in SugarCRM, Joxean Koret, 19:23
Various Vulnerabilities in OWL Intranet Engine, Joxean Koret, 19:03
7a69Adv#17 - Internet Explorer FTP download path disclosure, Albert Puigsech Galicia, 18:23
Windows LoadImage API Heapoverflow exploit, Berend-Jan Wever, 17:01
Windows Media files allow opening any url in Internet Explorer, Berend-Jan Wever, 16:51
[Full-Disclosure] AOL's Online Password Reset feature does not fully validate user information, Steven, 16:30
Jacks FormMail.php remote file access vulnerability, Hack Hawk, 14:58
[Full-Disclosure] ArGoSoft FTP Server reveals valid usernames and allows for brute force attacks, Steven, 05:51
Re: [Full-Disclosure] Re: Re: Microsoft Windows LoadImage API Integer Buffer overflow, Valdis . Kletnieks, 04:10