Network Security Archives

Bugtraq (date)

[Thread Index] [Top] [All Lists]

February 28, 2005

Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files, John Simpson, 21:01
[Full-Disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : A vulnerability in TCP, please_reply_to_security, 20:41
Badblue HTTP Server Exploit, Miguel Tarascó Acuña, 20:41
Firefox Software Update, Kai Howells, 20:31
Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error, Miles Beck, 19:20
[SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x cXIb8O3.1, Maksymilian Arciemowicz, 19:20
[SECURITYREASON.COM] PostNuke Critical XSS 0.760-RC2=>x cXIb8O3.2, Maksymilian Arciemowicz, 19:10
[SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3, Maksymilian Arciemowicz, 19:00
[Full-Disclosure] [ GLSA 200502-33 ] MediaWiki: Multiple vulnerabilities, Thierry Carrez, 18:50
[Hat-Squad] GFI L.N.S.S 5.0 Insecure Credential Storage, Hat-Squad Security Team, 16:38
[Full-Disclosure] Server termination in Scrapland 1.0, Luigi Auriemma, 16:38
iDEFENSE Security Advisory 02.28.05: KPPP Privileged File Descriptor Leak Vulnerability, iDEFENSE Labs, 16:38
iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error, iDEFENSE Labs, 16:38
[Full-Disclosure] [ GLSA 200502-32 ] UnAce: Buffer overflow and directory traversal vulnerabilities, Sune Kloppenborg Jeppesen, 16:38
[Full-Disclosure] [ GLSA 200502-31 ] uim: Privilege escalation vulnerability, Sune Kloppenborg Jeppesen, 16:38
Re: iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability, Rainer Schöpf, 16:38
WASC-Articles: 'The Insecure Indexing Vulnerability - Attacks Against Local Search Engines' By Amit Klein, robert, 16:38
7a69Adv#22 - UNIX unzip keep setuid and setgid files, Albert Puigsech Galicia, 16:38
Re: Office 10 applications & flashdrives can be used to browse restricted drives, Jay D. Dyson, 16:38
Re: Office 10 applications & flashdrives can be used to browse restricted drives, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 16:38
[Full-Disclosure] [USN-89-1] XML library vulnerabilities, Martin Pitt, 16:38
Re: Google Getting (even) smarter, Jordan Wiens, 16:38
[Full-Disclosure] [USN-88-1] reportbug information disclosure, Martin Pitt, 16:37
[Full-Disclosure] [USN-87-1] Cyrus IMAP server vulnerability, Martin Pitt, 16:37
[Full-Disclosure] [USN-86-1] cURL vulnerability, Martin Pitt, 16:37
[Full-Disclosure] [HAT-SQUAD] BadBlue, Easy P2P File Sharing Remote Exploit, class 101, 16:37
Google Getting (even) smarter, Josh Zlatin-Amishav, 16:37
Re: Office 10 applications & flashdrives can be used to browse restricted drives, Jay D. Dyson, 16:37
Re: Mozilla Firefox 1.0.1 Javascript Images are Draggable, Jay D. Dyson, 16:37
Mozilla Firefox 1.0.1 Javascript Images are Draggable, Paul, 16:37
Re: Office 10 applications & flashdrives can be used to browse restricted drives, Paul, 16:37
Knet <= 1.04c Buffer Overflow Bug, CorryL, 16:37
Re: [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion, Calum Power, 16:37
-==phpBB 2.0.12 Full path disclosure==-, HaCkZaTaN, 16:37
Re: Firescrolling [Firefox 1.0], btrq, 16:37
[Full-Disclosure] More T-Mobile fall out..., pingywon, 16:37
[Full-Disclosure] RE: Firescrolling [Firefox 1.0], Andrade, Leonardo F. Buonsanti de \(BR - IT Brazil\), 16:37
[Full-Disclosure] Re: Firescrolling [Firefox 1.0], Stan Bubrouski, 16:37
Re: iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability, Stan Bubrouski, 16:36
[Full-Disclosure] [ GLSA 200502-30 ] cmd5checkpw: Local password leak vulnerability, Thierry Carrez, 16:36
CIS WebServer Directory Traversal Bug, CorryL, 16:36
iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability, iDEFENSE Labs, 16:36
RE: Firescrolling [Firefox 1.0], Beauford, Jason, 16:36

February 25, 2005

[Full-Disclosure] RE: Firescrolling [Firefox 1.0], Eric McCarty, 15:33
Re: Office 10 applications & flashdrives can be used to browse restricted drives, Denis Jedig, 15:33
AW: phpWebSite-0.10.0_exploit, webmaster, 15:22
CFP: WORM 2005, David Moore, 15:12
Announce: RSBAC v1.2.4 released, Amon Ott, 15:02
[SECURITY] [DSA 690-1] New bsmtpd packages fix arbitrary command execution, Martin Schulze, 14:52
phpWebSite 0.10.0 Full Path disclosure, HaCkZaTaN, 14:32
phpWebSite 0.10.0 Full Path disclosure, HaCkZaTaN., 14:22
[Full-Disclosure] [USN-85-1] Gaim vulnerabilities, Martin Pitt, 13:42
[Full-Disclosure] Firescrolling [Firefox 1.0], mikx, 06:08
[Full-Disclosure] [FLSA-2005:2336] Updated kernel packages fix security issues, Marc Deslauriers, 01:16

February 24, 2005

[SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4, Maksymilian Arciemowicz, 23:25
phpWebSite-0.10.0_exploit, tjomka, 20:14
MDKSA-2005:047 - Updated squid packages fix vulnerability, Mandrakelinux Security Team, 18:23
MDKSA-2005:046 - Updated uim packages fix vulnerability, Mandrakelinux Security Team, 18:12
Multiple vulns in punBB, John Gumbel, 17:52
RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability, PASTOR ADRIAN, 16:52
[Security Bulletin] SSRT4694 HP-UX ftpd remote unauthorized access, Boren, Rich (SSRT), 16:32
[Full-Disclosure] In-game cl_guid crash in Soldier of Fortune II 1.03, Luigi Auriemma, 15:51
Re: phpBB 2.0.12 released, bcl, 15:01
iDEFENSE Security Advisory 02.23.05: Sun Solaris kcms_configure Arbitrary File Corruption Vulnerability, iDEFENSE Labs, 14:50
RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability, Walton, John Michael (John), 14:50
Multiple vulnerabilities found in CSGuestbook by CoolSerlets.com, Josh884, 14:40
RE: Incorrect Classification of iDownload's Product as Spyware..., Roger A. Grimes, 14:30
[Full-Disclosure] Google as Application FireWall, Andrey Bayora, 12:58
[Full-Disclosure] Re: Incorrect Classification of iDownload's Product as Spyware..., Dave C, 08:26
[Full-Disclosure] [FLSA-2005:2005] Updated gdk-pixbuf packages fix security flaws, Marc Deslauriers, 02:14
[Full-Disclosure] [FLSA-2005:2343] Updated vim packages fix security issues, Marc Deslauriers, 02:14
[Full-Disclosure] [FLSA-2005:2043] Updated zlib package fixes security issues, Marc Deslauriers, 01:53

February 23, 2005

[Full-Disclosure] Re: Incorrect Classification of iDownload's Product as Spyware..., Paul Laudanski, 20:19
Office 10 applications & flashdrives can be used to browse restricted drives, Discini, Sonny, 19:49
[Full-Disclosure] RE: Incorrect Classification of iDownload's Product as Spyware..., Paul Kurczaba, 17:27
[Fwd: [arkeia-announce] Release of Arkeia Network Backup 5.3.5 fixes security issue], Maciej Bogucki, 16:17
Release of Arkeia Network Backup 5.3.5 fixes security issue [bugtraq id 12594], Arnaud Spicht, 16:17
[Full-Disclosure] [ GLSA 200502-29 ] Cyrus IMAP Server: Multiple overflow vulnerabilities, Matthias Geerdsen, 14:36
[Full-Disclosure] Robustness patch for TWiki, vulnerability in ImageGalleryPlugin, Florian Weimer, 14:16
[SECURITY] [DSA 689-1] New mod_python packages fix information leak, Martin Schulze, 14:15
[SECURITY] [DSA 688-1] New squid packages fix denial of service, Martin Schulze, 14:05
Re: phpBB 2.0.12 released, bcl, 13:55
Re: Cross Site Scripting exploitation via malformed files, http-equiv@excite.com , 13:45
Re: Knox Arkeia remote root/system exploit, Arnaud Spicht, 13:35
Re: Arkeia Network Backup Client Remote Access, Arnaud Spicht, 13:25
Software PBLang 4.65 pm.php XSS vulnerability, Raven, 13:25
Software PBLang 4.65 pmpshow.php XSS vulnerability, Raven, 13:15
Software PBLang 4.65 search.php XSS vulnerability, Raven, 13:05
[Full-Disclosure] Incorrect Classification of iDownload's Product as Spyware..., Paul Laudanski, 10:54

February 22, 2005

iDEFENSE Security Advisory 02.22.05: phpBB Group phpBB2 Arbitrary File Unlink Vulnerability, iDEFENSE Labs, 18:43
Cross Site Scripting exploitation via malformed files, Jerome ATHIAS, 18:33
paNews v2.0b4 - PHP Injection, tjomka, 18:23
[SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection, pokley, 18:13
The WebConnect 6.4.4 and 6.5 contains several vulnerabilities, CIRT Advisory, 18:03
Re: Combining Hashes, Joel Maslak, 18:03
RE: Windows Firewall Has A Backdoor, Thor Larholm, 17:53
Re: Windows Firewall Has A Backdoor, Thor (Hammer of God), 17:43
[NOBYTES.COM: #5] iGeneric eShop 1.2 - Information Disclosure & Possible SQL Injection, John Cobb, 17:33
SD Server 4.0.70 Directory Traversal Bug, CorryL, 17:23
Re: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability, grutz, 17:13
Re: Arkeia Network Backup Client Remote Access, H D Moore, 15:52
iDEFENSE Security Advisory 02.22.05: phpBB Group phpBB Arbitrary File Disclosure Vulnerability, iDEFENSE Labs, 15:22
Re: Arkeia Network Backup Client Remote Access, Vincent Archer, 15:11
Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability, m123303, 15:01
phpBB 2.0.12 released, Snapdragon, 14:51

February 21, 2005

Re: SHA-1 broken, Peter J. Holzer, 21:23
Re: SHA-1 broken, Peter Jeremy, 20:33
iDEFENSE Security Advisory 02.21.05: Multiple Unix/Linux Vendor cURL/libcURL Kerberos Authentication Buffer Overflow Vulnerability, iDEFENSE Labs, 20:02
iDEFENSE Security Advisory 02.21.05: Multiple Unix/Linux Vendor cURL/libcURL NTLM Authentication Buffer Overflow Vulnerability, iDEFENSE Labs, 19:12
iDEFENSE Security Advisory 02.21.05: Multiple PuTTY SFTP Client Packet Parsing Integer Overflow Vulnerabilities, iDEFENSE Labs, 19:02
RE: Windows Firewall Has A Backdoor, Chris Goodwin, 19:02
Re: Joint encryption?, peter zulu, 18:42
Re: SHA-1 broken, Paul Johnston, 18:02
Re: Joint encryption?, John Richard Moser, 17:51
Re: SHA-1 broken, Damian Menscher, 17:41
Re: Windows Firewall Has A Backdoor, Chris Wysopal, 17:31
Re: Joint encryption?, Ruud H.G. van Tol, 17:31
[Full-Disclosure] [ GLSA 200502-28 ] PuTTY: Remote code execution, Luke Macken, 17:31
Re: SHA-1 broken, Denis Jedig, 17:21
Re: Joint encryption?, Valdis . Kletnieks, 17:11
Re: SHA-1 broken, peeon+securityfocus, 16:51
Re: SHA-1 broken, exon, 16:51
Re: Joint encryption?, John Richard Moser, 16:41
RE: Joint encryption?, David Schwartz, 16:31
Re: Joint encryption?, Gandalf The White, 16:21
[Full-Disclosure] SD Server 4.0.70 Directory Traversal Bug, CorryL, 16:21
Re: Joint encryption?, Robert C. Helling, 16:21
RE: SHA-1 broken, Frank Knobbe, 16:11
Re: Combining Hashes, Frank Knobbe, 16:01
Re: SHA-1 broken, Michael Silk, 16:01
Re: Combining Hashes, Ivan Krstic, 15:40
Windows Firewall Has A Backdoor, Jay Calvert, 15:10
ADP Elite System Max 9000 Series Login Vulnerability, rootfiend, 15:00
Gigafast/CompUSA router (model EE400-R) vulnerabilities, Gary H. Jones II, 14:50
Re: Knox Arkeia remote root/system exploit, H D Moore, 14:40
Arkeia Network Backup Client Remote Access, H D Moore, 14:30
[SECURITY] [DSA 674-3] New mailman packages really fix several vulnerabilities, Martin Schulze, 14:20
[Full-Disclosure] [USN-84-1] Squid vulnerabilities, Martin Pitt, 11:28

February 20, 2005

[Full-Disclosure] [FLSA-2005:1945] Updated sox packages fix buffer overflows, Marc Deslauriers, 19:40
[Full-Disclosure] [FLSA-2005:2058] Updated cdrtools packages fix a security issue, Marc Deslauriers, 19:40
[Full-Disclosure] [FLSA-2005:1944] GNOME VFS updates address extfs vulnerability, Marc Deslauriers, 19:20
Re: [Full-Disclosure] Thomson TCW690 Denial Of Service Vulnerability, MurDoK, 08:24
Re: Combining Hashes, exon, 06:54
Re: SHA-1 broken, Michael Cordover, 06:23
Re: Dangers of discarding duplicated messages, David F. Skoll, 05:33
Re: Possible phpBB <=2.0.11 bug or sql injection?, Giacomo Rizzo, 05:13
Re: Dangers of discarding duplicated messages, Gene Rackow, 04:43
Re: SHA-1 broken, exon, 03:22
Re: SHA-1 broken, Brian May, 02:42
Re: Dangers of discarding duplicated messages, Jon Keating, 01:52
Re: Combining Hashes, Felix Cuello, 01:42
Re: SHA-1 broken, securityfocus, 01:31
Re: SHA-1 broken, Anatole Shaw, 01:21
Re: SHA-1 broken, Michael Silk, 01:11
Re: Joint encryption?, John Richard Moser, 01:01
Re: Joint encryption?, John Richard Moser, 00:51
3com 3CDaemon FTP Unauthorized "USER" Remote BOverflow, class 101, 00:51
Re: [lists] Combining Hashes, Elliott Bäck, 00:41
Re: Combining Hashes, unmanarc, 00:21
Re: SHA-1 broken, Tollef Fog Heen, 00:11
Re: Possible phpBB <=2.0.11 bug or sql injection?, kaosone+[ONE]+, 00:11
Re: Joint encryption?, devnull, 00:01
Re: Phishing hole found in IE and OE, cyberpixl, 00:01

February 19, 2005

Re: Joint encryption?, Casper . Dik, 23:51
cfengine rsa heap remote exploit: part of PTjob project, yan feng, 23:41
webfsd fun. opensource is god .lol windows, yan feng, 23:30
[Hat-Squad] Findjmp2 Tool, Hat-Squad Security Team, 23:20
exwormshoucast part of PTjob project: SHOUTcast v1.9.4 remote exploit, yan feng, 23:10
Re: Joint encryption?, Damian Menscher, 22:50
Re: Joint encryption?, John Richard Moser, 22:30
Multiples vulnerability in ZeroBoard,, albanian haxorz, 17:18
Re: SHA-1 broken, Darren Reed, 16:47
Re: SHA-1 broken, dullien, 16:07
Re: [Full-Disclosure] Thomson TCW690 Denial Of Service Vulnerability, Andres Tarasco, 15:07
[Full-Disclosure] [ GLSA 200502-27 ] gFTP: Directory traversal vulnerability, Matthias Geerdsen, 14:16
Joint encryption?, John Richard Moser, 07:34
[Full-Disclosure] Thomson TCW690 Denial Of Service Vulnerability, MurDoK, 07:34
[Full-Disclosure] Thomson TCW690 POST Password Validation Vulnerability, MurDoK, 07:24
Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins, headpimp, 06:53
MDKSA-2005:041 - Updated cups packages fix vulnerabilities on 64 bit platforms, Mandrakelinux Security Team, 06:33
MDKSA-2005:040 - Updated PostgreSQL packages fix multiple vulnerabilities, Mandrakelinux Security Team, 06:13
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, newbug Tseng, 04:53
MDKSA-2005:044 - Updated tetex packages fix vulnerabilities on 64 bit platforms, Mandrakelinux Security Team, 04:12
Re: SHA-1 broken, Dan Harkless, 03:42
Adobe Reader invalid root page node Count value DOS, Hongzhen Zhou, 02:42
Re: SHA-1 broken, Michael Silk, 02:01
Combining Hashes, Kent Borg, 01:31
MDKSA-2005:045 - Updated kdelibs packages fix vulnerabilities, Mandrakelinux Security Team, 01:11
Re: Phishing hole found in IE and OE, David Nichols, 00:21
RE: Possible phpBB <=2.0.11 bug or sql injection?, Miguel Angel Rodríguez Jódar, 00:11

February 18, 2005

Re: SHA-1 broken, D.J. Capelis, 23:50
Re: Phishing hole found in IE and OE, Greg Merideth, 23:30
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Rainer Duffner, 23:20
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Riccardo Murri, 23:20
3com 3CDaemon FTP "USER" Remote BOverflow POC, Hat-Squad Security Team, 23:00
MDKSA-2005:042 - Updated gpdf packages fix vulnerabilities on 64 bit platforms, Mandrakelinux Security Team, 22:20
[SECURITY] [DSA 687-1] New bidwatcher packages fix format string vulnerability, Martin Schulze, 22:09
MDKSA-2005:043 - Updated xpdf packages fix vulnerabilities on 64 bit platforms, Mandrakelinux Security Team, 21:19
Re: Possible phpBB <=2.0.11 bug or sql injection?, Exoduks, 21:09
RE: SHA-1 broken, Michael Silk, 20:39
Re: Dangers of discarding duplicated messages, Maciej Soltysiak, 20:29
BizMail 2.1 Spam Exploit, Jason Frisvold, 19:58
Re: SHA-1 broken, dullien, 19:38
Re: SHA-1 broken, dullien, 19:18
[Full-Disclosure] Knox Arkeia remote root/system exploit, John Doe, 19:18
Re: [Full-Disclosure] Multiple vulnerabilities in TrackerCam 5.12, morning_wood, 17:27
[Full-Disclosure] Multiple vulnerabilities in TrackerCam 5.12, Luigi Auriemma, 16:06
[Full-Disclosure] [ GLSA 200502-26 ] GProFTPD: gprostats format string vulnerability, Sune Kloppenborg Jeppesen, 13:55
[Full-Disclosure] [gentoo-announce] [ GLSA 200502-25 ] Squid: Denial of Service through DNS responses, Sune Kloppenborg Jeppesen, 13:35
Re: NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+, Vade 79, 00:50
RE: SHA-1 broken, Scovetta, Michael V, 00:19
Phishing hole found in IE and OE, Jay Calvert, 00:09

February 17, 2005

Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec, 23:59
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., David Schwartz, 23:49
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec, 23:39
Re: IE6 SP1 - Click N Crash, Robert ONeal, 23:39
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., David Schwartz, 23:29
hpm_guestbook.cgi JavaScript-Injection, Christoph Burchert, 23:09
[SECURITY] [DSA 686-1] New gftp packages fix directory traversal vulnerability, Martin Schulze, 22:59
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec, 22:59
Re: SHA-1 broken, Jonathan G. Lampe, 22:49
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec, 22:39
[SECURITY] [DSA 685-1] New emacs21 packages fix arbitrary code execution, Martin Schulze, 22:18
Possible phpBB <=2.0.11 bug or sql injection?, jtm297, 22:18
[PersianHacker.NET 200505-07] paFAQ Beta4 Sql Injection, PersianHacker Team, 22:08
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Tosoni, 21:58
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Vincent Archer, 21:48
Remote Windows Kernel Exploitation - Step Into the Ring 0, Marc Maiffret, 21:38
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Thor (Hammer of God), 21:28
Re: Permission problem in Skype BETA for linux, Peter Conrad, 21:28
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Ron DuFresne, 21:18
[ SCL-2005.001 ] - WebCalendar: SQL Injection from encoded cookie, Scovetta Labs, 21:08
RE: BrightStor ARCserve Backup buffer overflow PoC (fixes available), Williams, James K, 20:58
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec, 20:47
Dangers of discarding duplicated messages, Adrian Bunk, 20:37
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Matt Wilder, 20:37
Invision Power Boards 1.3.1 FINAL XSS Exploit, Daniel A., 20:27
[Full-Disclosure] [FLSA-2005:2137] Updated cyrus-sasl resolves security vulnerabilities, Dominic Hargreaves, 20:17
RECON 2005 CFP [Montreal, Canada], dataworm, 20:17
Re: xprobe2 v0.2.2 released, Stan Bubrouski, 20:07
MDKSA-2005:039 - Updated rwho packages fix vulnerability, Mandrakelinux Security Team, 19:57
RE: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Michael Scheidell, 19:47
XSS vulnerabilty in ASP.Net [with details], Andir Andir, 19:37
Re: SHA-1 broken, Steve Friedl, 19:37
Re: SHA-1 broken, Robert Sussland, 19:26
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., David Schwartz, 19:16
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Nick FitzGerald, 19:16
Re: SHA-1 broken, Michael Cordover, 19:06
RE: BrightStor ARCserve Backup buffer overflow PoC (fix available), Williams, James K, 18:56
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Stefan Paletta, 18:46
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Stefan Paletta, 18:46
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Benjamin Franz, 18:36
Re: SHA-1 broken, Kent Borg, 18:26
[Full-Disclosure] [ GLSA 200502-24 ] Midnight Commander: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 18:26
[Full-Disclosure] iDEFENSE Labs Website Launch, iDEFENSE Labs, 17:46
[Full-Disclosure] Advisory: Multiple Vulnerabilities in BibORB, Patrick Hof, 11:01
[Full-Disclosure] [USN-66-2] PHP vulnerability, Martin Pitt, 08:59
[Full-Disclosure] [USN-78-2] Fixed mailman packages for USN-78-1, Martin Pitt, 08:49
NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+, TAC, 07:19
[PersianHacker.NET 200505-06] paNews v2.0b4 XSS Vulnerability, PersianHacker Team, 06:18
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Seth Breidbart, 05:48
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., lyal.collins, 03:37
RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 Correction, Threlkeld, Richard, 03:17
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec, 01:06
[Security Bulletin] SSRT5893 rev.0 - HP Web-enabled Management Software Remote Buffer Overflow, Boren, Rich (SSRT), 00:46

February 16, 2005

SHA-1 broken, Gadi Evron, 22:35
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Micah Brandon, 21:24
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., David Schwartz, 21:24
Update Your Bookmarks, Amit Klein (AKsecurity), 21:14
[SECURITY] [DSA 684-1] New typespeed packages fix arbitrary group games code execution, Martin Schulze, 21:04
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Bill Brown, 20:54
Re: vbulletin 3.0.x PHP code execution, pokley, 20:34
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., David Schwartz, 20:03
[Full-Disclosure] RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 Correction, Joe Granto, 19:53
Blind Sql-Injection in MySQL Databases, Zeelock, 19:43
xprobe2 v0.2.2 released, Ofir Arkin, 18:43
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Gwendolynn ferch Elydyr, 18:43
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec, 18:33
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Gwendolynn ferch Elydyr, 18:23
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec, 18:13
[Full-Disclosure] [ GLSA 200502-23 ] KStars: Buffer overflow in fliccd, Sune Kloppenborg Jeppesen, 18:02
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Janusz A. Urbanowicz, 18:02
[KDE Security Advisory] Buffer overflow in fliccd of kdeedu/kstars/indi, Dirk Mueller, 17:42
[hackgen-2005-#003] - SQL injection bugs in DCP-Portal, Exoduks, 17:32
[KDE Security Advisory] Buffer overflow in fliccd of kdeedu/kstars/indi, Dirk Mueller, 17:22
MDKSA-2005:038 - Updated emacs/xemacs packages fix vulnerability, Mandrakelinux Security Team, 17:12
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, K-OTiK Security, 17:02
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., George Capehart, 16:52
[Full-Disclosure] [ GLSA 200502-22 ] wpa_supplicant: Buffer overflow vulnerability, Matthias Geerdsen, 16:52
Re: BrightStor ARCserve Backup buffer overflow PoC, Williams, James K, 16:42
Re: vbulletin 3.0.x PHP code execution, AL3NDALEEB., 16:32
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Thor (Hammer of God), 16:22
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Thom Craver, 16:12
[CLA-2005:925] Conectiva Security Announcement - evolution, Conectiva Updates, 15:51
[Full Disclosure] Using DHTML XSS to launch HHCTRL exploit, Valentin Avram, 15:41
[Full-Disclosure] [USN-83-1] LessTif 2 vulnerabilities, Martin Pitt, 12:29
Re: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185, Thor \(Hammer of God\), 11:39
[Full-Disclosure] [NORTHSHOREINTERNET.COM.AU: #1] amihotornot.com.au vulnerability, North Shore Internet, 11:39
[Full-Disclosure] RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185, Harshad, 11:29
RE: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185, Threlkeld, Richard, 11:29
Re: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer no t seeing KB887742 and KB886185, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 03:35
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Jamie Pratt, 03:25
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, twebster, 01:55
XSS in MySpace.com RuWeb.net and Primus.com, Chris, 01:55
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Jeffrey Wilkinson, 00:24

February 15, 2005

RE: eBay Account Phishing with eBay Redirect, Israel Torres, 23:54
RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 Correction, James Lay, 23:14
RE: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, William Pratt, 22:43
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Ondra Holecek, 21:13
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Herman Sheremetyev, 21:13
Re: eBay Account Phishing with eBay Redirect, Jay Calvert, 21:03
[NOBYTES.COM: #3] osCommerce 2.2-MS2 - XSS Vulnerability, John Cobb, 21:02
Scottsave.com Trade History Exploit, Ben Efros, 20:52
RE: eBay Account Phishing with eBay Redirect, Thomas T. Evans, III, 20:42
Scottrader Application Exploit, Ben Efros, 20:32
Re: IE6 SP1 - Click N Crash is old news, Berend-Jan Wever, 20:22
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Sebastian, 20:12
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec, 20:02
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec, 19:52
[Full-Disclosure] [ GLSA 200502-21 ] lighttpd: Script source disclosure, Thierry Carrez, 19:32
[Full-Disclosure] [ GLSA 200502-20 ] Emacs, XEmacs: Format string vulnerabilities in movemail, Thierry Carrez, 19:12
IE6 SP1 - Click N Crash, ViPeR, 18:31
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Thor (Hammer of God), 18:21
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Gwendolynn ferch Elydyr, 18:21
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Ondra Holecek, 18:11
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?, Jamie Pratt, 18:01
RE: Exploit on tcp/4128?, Mueller, Lance, 17:41
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., bkfsec, 17:21
Re: eBay Account Phishing with eBay Redirect, Jonathan Rockway, 17:11
MDKSA-2005:037 - Updated mailman packages fix directory traversal vulnerability, Mandrakelinux Security Team, 17:11
Re: vbulletin 3.0.x PHP code execution, pokley, 17:01
Re: eBay Account Phishing with eBay Redirect, Nick FitzGerald, 16:50
[SECURITY] [DSA 682-1] New awstats packages fix arbitrary command execution, Martin Schulze, 16:40
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Vincent Archer, 16:30
Re: AWStats <= 6.4 Multiple vulnerabilities, Ondra Holecek, 16:20
[SECURITY] [DSA 683-1] New postgresql packages fix arbitrary code execution, Martin Schulze, 15:30
[Full-Disclosure] ASPjar Guestbook login.asp not official patch, CorryL, 13:49
RE: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer no t seeing KB887742 and KB886185, Randal, Phil, 08:16
[Full-Disclosure] RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185, STANESCU Ionut, 07:56
[Full-Disclosure] [USN-82-1] Linux kernel vulnerabilities, Martin Pitt, 07:15
Re: [Full-Disclosure] Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185, Vincent Archer, 06:25
[Full-Disclosure] Kayako eSupport v2.3.1 Support Tracker XSS Vulnerability, Seth Alan Woolley, 05:55

February 14, 2005

[Full-Disclosure] SecurityForest - Public Release no.2, loni@securityforest.com, 23:32
[Full-Disclosure] RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185, Threlkeld, Richard, 23:32
RE: Exploit on tcp/4128?, Butterworth, Jim, 20:41
RE: Exploit on tcp/4128?, Lawrence Baldwin, 20:41
Re: Exploit on tcp/4128?, James Eaton-Lee, 20:41
RE: Exploit on tcp/4128?, Jeff Mickey, 20:31
Re: eBay Account Phishing with eBay Redirect, Josh Tolley, 20:11
[NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities, John Cobb, 20:01
RE: Exploit on tcp/4128?, David Gillett, 19:50
[Full-Disclosure] [gentoo-announce] [ GLSA 200502-19 ] PostgreSQL: Buffer overflows in PL/PgSQL parser, Sune Kloppenborg Jeppesen, 19:40
Exploit on tcp/4128?, Lawrence Baldwin, 19:20
Re: BrightStor ARCserve Backup buffer overflow PoC, H D Moore, 19:00
[Full-Disclosure] [ GLSA 200502-18 ] VMware Workstation: Untrusted library search path, Thierry Carrez, 18:30
[Full-Disclosure] UPDATE: [ GLSA 200501-36 ] AWStats: Remote code execution, Thierry Carrez, 18:10
[Full-Disclosure] Advisory: Cross Site Scripting Vulnerability in Openconf Conference Management Software, Maximillian Dornseif, 18:10
[Full-Disclosure] [ GLSA 200502-17 ] Opera: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 17:19
vbulletin 3.0.x PHP code execution, AL3NDALEEB, 16:18
eBay Account Phishing with eBay Redirect, Steven, 16:08
[SECURITY] [DSA 681-1] New synaesthesia packages fix unauthorised file access, Martin Schulze, 16:08
Credit Card Phishing with executable download, Gandalf The White, 15:58
[Full-Disclosure] Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185, James Lay, 15:47
RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., David Schwartz, 15:47
AWStats <= 6.4 Multiple vulnerabilities, [ru]@securityfocus.com@www.securityfocus.com, 15:37
RE: International Domain Name [IDN] support in modern browsers al lows attackers to spoof domain name URLs + SSL certs., Michael Wojcik, 14:57
[SECURITY] [DSA 680-1] New htdig packages fix cross-site scripting vulnerability, Martin Schulze, 14:37
[Full-Disclosure] ASPjar Guestbook login.asp not official patch, CorryL, 14:27
[SECURITY] [DSA 679-1] New toolchain-source package fixes insecure temporary files, Martin Schulze, 14:26
[CLA-2005:924] Conectiva Security Announcement - XFree86, Conectiva Updates, 14:16
[Full-Disclosure] The ultimate solution to phising, Stian Øvrevåge, 07:17
[Full-Disclosure] [ GLSA 200502-15 ] PowerDNS: Denial of Service vulnerability, Matthias Geerdsen, 03:24
[Full-Disclosure] [ GLSA 200502-16 ] ht://Dig: Cross-site scripting vulnerability, Luke Macken, 03:24
[Full-Disclosure] [ GLSA 200502-14 ] mod_python: Publisher Handler vulnerability, Sune Kloppenborg Jeppesen, 03:23
Re: BrightStor ARCserve Backup buffer overflow PoC, H D Moore, 03:23
Re: Advanced Guestbook 2.2 -- SQL Injection Exploit, mary, 03:23
Symantec UPX issue solution, Roger A. Grimes, 03:23
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Janusz A. Urbanowicz, 03:23

February 12, 2005

MDKSA-2005:032-1 - Updated cpio packages fix vulnerability, Mandrakelinux Security Team, 17:13
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Scott Gifford, 16:53
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Neil W Rickert, 16:43
[Full-Disclosure] Infostring crash and shutdown in the Quake 3 engine, Luigi Auriemma, 15:03
[Full-Disclosure] exim auth_spa_server() PoC exploit, Yuri Gushin, 13:12
Re: [Full-Disclosure] Fireflashing [Firefox 1.0], Jelmer Kuperus, 12:01

February 11, 2005

Zone Labs Security Alert ZL05-01: Zone Labs IPC Instability, Zone Labs Product Security, 21:26
RE: Data Mining for PIX Firewall Logs, Hill, Keith (Contractor), 20:55
RE: Data Mining for PIX Firewall Logs, Todd Towles, 20:45
[VulnWatch] iDEFENSE Security Advisory 02.11.05: ZoneAlarm 5.1 Invalid Pointer Dereference Vulnerability, iDefense Customer Service, 20:05
SYM05-003 Symantec UPX Parsing Engine Heap Overflow, secure, 20:05
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Scott Gifford, 19:04
Re: HACKING WITH JAVASCRIPT, Jim Halfpenny, 18:54
[Full-Disclosure] [ GLSA 200502-12 ] Webmin: Information leak in Gentoo binary package, Thierry Carrez, 18:54
[Full-Disclosure] [gentoo-announce] [ GLSA 200502-13 ] Perl: Vulnerabilities in perl-suid wrapper, Thierry Carrez, 18:54
Re: HACKING WITH JAVASCRIPT, Cleiton Martins, 18:44
BrightStor ARCserve Backup buffer overflow PoC, cybertronic, 18:34
[SECURITY] [DSA 677-1] New sympa packages fix potential arbitrary code execution, Martin Schulze, 16:23
[SECURITY] [DSA 676-1] New xpcd packages fix arbitrary code execution as root, Martin Schulze, 16:13
Re: Symantec UPX Parsing Engine Heap Overflow, James Riden, 16:02
insecure temporary file creation in kdelibs 3.3.2, Davide Madrisan, 15:52
[SECURITY] [DSA 674-2] New mailman packages really fix several vulnerabilities, Martin Schulze, 15:32
Remotely Controlling XSS Attacks - Announcing XSS-Proxy, Rager, Anton (Anton), 15:12
MDKSA-2005:036 - Updated MySQL packages fix temporary file vulnerability, Mandrakelinux Security Team, 15:02
MDKSA-2005:035 - Updated python packages fix vulnerability, Mandrakelinux Security Team, 14:52
MDKSA-2005:034 - Updated squid packages fix multiple vulnerabilities, Mandrakelinux Security Team, 14:42
MDKSA-2005:033 - Updated enscript packages fix multiple vulnerabilities, Mandrakelinux Security Team, 14:32
MDKSA-2005:032 - Updated cpio packages fix vulnerability, Mandrakelinux Security Team, 14:22
[SECURITY] [DSA 678-1] New netkit-rwho packages fix denial of service, Martin Schulze, 13:41
TSLSA-2005-0003 - multi, Trustix Security Advisor, 13:21
RE: Data Mining for PIX Firewall Logs, mhuston, 12:21
Re: Data Mining for PIX Firewall Logs, jkowall, 12:11
[Full-Disclosure] [USN-81-1] iptables vulnerability, Martin Pitt, 08:59
[Full-Disclosure] [USN-80-1] mod_python vulnerability, Martin Pitt, 07:28
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Peter J. Holzer, 05:27
Re: International Domain Name [IDN] support in modern browsers al lows attackers to spoof domain name URLs + SSL certs., Marcin Sochacki, 04:07
RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit, Andrew Hunter, 02:36
ASPjar guestbook (Injection in login page), farhad koosha, 02:06
Symantec UPX Parsing Engine Heap Overflow, Neil Watson, 01:36
HACKING WITH JAVASCRIPT, hictor ertd, 00:35

February 10, 2005

[VulnWatch] iDEFENSE Security Advisory 02.10.05: Computer Associates BrightStor ARCserve Backup UniversalAgent Backdoor Vulnerability, iDefense Customer Service, 21:23
[Full-Disclosure] [FLSA-2005:2352] Updated Xpdf package fixes security issues, Marc Deslauriers, 21:03
[Full-Disclosure] [FLSA-2005:2252] Updated iptables packages resolve security issues, Marc Deslauriers, 21:03
[Full-Disclosure] [FLSA-2005:2188] Updated gaim package resolves security issues, Marc Deslauriers, 20:43
[VulnWatch] Re: iDEFENSE Security Advisory 02.10.05: IBM AIX lspath Local File Access Vulnerability, Shiva Persaud, 20:43
[Full-Disclosure] [FLSA-2005:2353] Updated gpdf package fixes security issues, Marc Deslauriers, 20:43
Re: Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow Vulnerability, Derek Martin, 19:52
[VulnWatch] Re: iDEFENSE Security Advisory 02.10.05: IBM AIX netpmon Local Buffer Overflow Vulnerability, Shiva Persaud, 19:32
secure-roster script to address mailman email harvester, Neal McBurnett, 19:12
[SECURITY] [DSA 675-1] New hztty packages fix local utmp exploit, Martin Schulze, 18:32
RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit, Color Inc., 18:12
[VulnWatch] Re:iDEFENSE Security Advisory 02.10.05: IBM AIX ipl_varyon Local Buffer Overflow Vulnerability, Shiva Persaud, 18:12
RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit, Thor Larholm, 17:51
[Full-Disclosure] Crashes and socket unreacheable in Armagetron Advanced 0.2.7.0, Luigi Auriemma, 16:21
[VulnWatch] iDEFENSE Security Advisory 02.10.05: IBM AIX ipl_varyon Local Buffer Overflow Vulnerability, iDefense Customer Service, 15:40
iDEFENSE Security Advisory 02.10.05: IBM AIX netpmon Local Buffer Overflow Vulnerability, iDefense Customer Service, 15:20
[Full-Disclosure] UPDATE: [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability, Luke Macken, 15:10
[Full-Disclosure] [ GLSA 200502-11 ] Mailman: Directory traversal vulnerability, Sune Kloppenborg Jeppesen, 15:10
Re: iDEFENSE Security Advisory 02.08.05: IBM AIX auditselect Local Format String Vulnerability, Shiva Persaud, 15:10
Re: iDEFENSE Security Advisory 02.07.05: IBM AIX chdev Local Format String Vulnerability, Shiva Persaud, 14:39
iDEFENSE Security Advisory 02.10.05: IBM AIX lspath Local File Access Vulnerability, iDefense Customer Service, 14:29
Barracuda Spam Firewall <= 3.1.10 acts as open relay for whitelisted senders., Sean Sosik-Hamor, 14:19
[SECURITY] [DSA 673-1] New evolution packages fix arbitrary code execution as root, Martin Schulze, 13:59
[SECURITY] [DSA 674-1] New mailman packages fix several vulnerabilities, Martin Schulze, 13:49
[Full-Disclosure] [USN-79-1] PostgreSQL vulnerabilities, Martin Pitt, 13:29
SUSE Security Announcement: squid (SUSE-SA:2005:006), Thomas Biege, 13:29
[Security Bulletin] SSRT4861 rev.0 - HP-UX BIND9.2.0 remote Denial of Service (DoS), Boren, Rich (SSRT), 13:08
[VulnWatch] iDEFENSE Security Advisory 02.09.05: CA BrightStor ARCserve Backup v11 Discovery Service Remote Buffer Overflow, iDefense Customer Service, 12:48
[Full-Disclosure] Re: yet another DSL modem backdoor - Mentor (Conexant), Philip Barnham, 11:27
CMS Core SQL injection, foster GHC, 08:56
SQL injection in Chipmunk forums, foster GHC, 07:25
Paper: Solution to Red Hat PIE Protection, Zarul Shahrin, 06:55
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Will Kamishlian, 06:15
[SECURITY] [DSA 672-1] New xview packages fix potential arbitrary code execution, Martin Schulze, 05:35
Re: GMail / Google Groups ESMTP software b0f, Heather Adkins, 04:54
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Simon Ãstengaard, 03:24
CFP for SyScAN'05, organiser@syscan.org, 02:43
RE: International Domain Name [IDN] support in modern browsers al lows attackers to spoof domain name URLs + SSL certs., Randal, Phil, 01:43

February 09, 2005

Data Mining for PIX Firewall Logs, Carey Heck, 23:42
[Full-Disclosure] [FLSA-2005:1943] Updated libpng resolves security vulnerabilities, Dominic Hargreaves, 23:32
[Full-Disclosure] [FLSA-2005:1906] Updated abiword packages fix security issue, Dominic Hargreaves, 23:32
RE: International Domain Name [IDN] - browser-level fix (not network.enableIDN), R Dicaire, 23:22
RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit, Andrew Hunter, 21:51
Some details about MS05-007 security bulletin, Jean-Baptiste Marchand, 21:51
[VulnWatch] Patch available for high risk IBM DB2 Universal Database flaw, NGSSoftware Insight Security Research, 21:01
[Full-Disclosure] yet another DSL modem backdoor - Mentor (Conexant), Adam Laurie, 20:51
Several SQL injection bugs in myPHP Forum v.1.0, foster GHC, 19:40
[Full-Disclosure] [USN-78-1] Mailman vulnerability, Martin Pitt, 19:40
MDKSA-2005:031 - Updated perl packages fix multiple vulnerabilities, Mandrakelinux Security Team, 18:20
Mercuryboard <= 1.1.1 Working Sql Injection, Zeelock, 16:58
[Full-Disclosure] Re: Re: mailman email harvester, Dave Korn, 15:37
[Security Bulletin] - SSRT4883 HP-UX ftpd remote privileged access, Boren, Rich (SSRT), 15:07
[SIG^2 G-TEC] ArGoSoft Mail Server Webmail Multiple Directory Traversal Vulnerabilities, chewkeong, 14:27
Internet Explorer zone spoofing with encoded URLs, Jouko Pynnonen, 14:17
MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit, ATmaCA ATmaCA, 14:07
[Full-Disclosure] [gentoo-announce] [ GLSA 200502-10 ] pdftohtml: Vulnerabilities in included Xpdf, Matthias Geerdsen, 13:57
GREENAPPLE Release, Dave Aitel, 06:13
[SCL-2005.002] - IDN Feature Workaround via proxy.pac, Scovetta, Michael V, 04:22
[SIG^2 G-TEC] 602LAN SUITE Web Mail Vulnerability Allows File Upload to Arbitrary Directories, chewkeong, 03:52
EEYE: Windows SMB Client Transaction Response Handling Vulnerability, Marc Maiffret, 03:22
[SECURITY] [DSA 671-1] New xemacs21 packages fix arbitrary code execution, Martin Schulze, 01:41
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Jerome ATHIAS, 01:21
[SECURITY] [DSA 670-1] New emacs20 packages fix arbitrary code execution, Martin Schulze, 00:51
Re: [VulnWatch] iDEFENSE Security Advisory 02.08.05: IBM AIX auditselect Local Format String Vulnerability, Shiva Persaud, 00:31
SafeNet SoftRemote VPN Client Issue: Clear-text password stored in memory, Roy Hills, 00:21

February 08, 2005

[PersianHacker.NET 200502-05] WWWoard passwd, Andrew guess, 23:50
AppleFileServer Denial of Service., nemo, 23:10
RE: International Domain Name [IDN] - browser-level fix (not network.enableIDN), Scovetta, Michael V, 22:19
[Full-Disclosure] Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow Vulnerability, Rafel Ivgi, 21:49
[VulnWatch] iDEFENSE Security Advisory 02.08.05: IBM AIX auditselect Local Format String Vulnerability, iDefense Customer Service, 21:09
[Full-Disclosure] [gentoo-announce] [ GLSA 200502-09 ] Python: Arbitrary code execution through SimpleXMLRPCServer, Thierry Carrez, 19:18
[VulnWatch] CORE-2004-0819: MSN Messenger PNG Image Parsing Vulnerability, CORE Security Technologies Advisories, 18:17
[Full-Disclosure] Integer overflow and arbitrary files deletion in RealArcade 1.2.0.994, Luigi Auriemma, 15:26
php-fusion 4.x vuln, thegreatone2176, 14:15
Re: [Full-Disclosure] Re: mailman email harvester, James Longstreet, 13:55
[Full-Disclosure] Re: mailman email harvester, Dave Korn, 12:35
[VulnWatch] iDEFENSE Security Advisory 02.07.05: IBM AIX chdev Local Format String Vulnerability, iDefense Customer Service, 01:50
[Full-Disclosure] UnixWare 7.1.4 : vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands, please_reply_to_security, 00:30

February 07, 2005

[Full-Disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : enable command line buffer overflows, please_reply_to_security, 23:59
CodeCon Reminder, Len Sassaman, 23:49
International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs., Brandon Kovacs, 22:59
[SePro Bugtraq] SQL-Injection in PerlDesk 1.x, deluxe, 21:08
[Full-Disclosure] mailman email harvester, Bernhard Kuemel, 20:47
GMail / Google Groups ESMTP software b0f, Michal Zalewski, 20:27
[Full-Disclosure] UnixWare 7.1.4 : racoon multilple security issues, please_reply_to_security, 19:47
iDEFENSE Security Advisory 02.07.05: SquirrelMail S/MIME Plugin Command Injection Vulnerability, iDefense Customer Service, 18:06
[Full-Disclosure] [ GLSA 200502-08 ] PostgreSQL: Local privilege escalation, Luke Macken, 17:26
[Security Bulletin] HP Tru64 Unix Mozilla Application Suite 1.7.3 Remote Denial of Service (DoS), Boren, Rich (SSRT), 17:26
Re: [Contact] Motorola broadband appliance team?, Grzegorz Cegielski, 17:05
[Full-Disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : Vulnerabilities in long-lived TCP connections / Rose attack, please_reply_to_security, 16:25
DMA[2005-0131b] - 'Setuid Perl PERLIO_DEBUG buffer overflow', KF (lists), 16:25
[Full-Disclosure] UnixWare 7.1.3 UnixWare 7.1.1 : Vulnerabilities in long-lived TCP connections / Rose attack, please_reply_to_security, 16:25
Vulnerability in 3Com 3CServer v1.1, mandragore, 16:15
DMA[2005-0131a] - 'Setuid Perl PERLIO_DEBUG root owned file creation', KF (lists), 16:05
[Full-Disclosure] Fireflashing [Firefox 1.0], mikx, 15:45
[OSX Finder] DS_Store arbitrary file overwrite vulnerability., Vade 79, 15:45
[Full-Disclosure] Firetabbing [Firefox 1.0], mikx, 15:35
[Full-Disclosure] Firedragging [Firefox 1.0], mikx, 15:35
New version of ike-scan (IPsec IKE scanner) available - v1.7, Roy Hills, 15:35
VOIPSEC, VoIP Security Aliance, 15:25
XSS Vulnerability at thefacebook.com, Jonathan Rockway, 15:14
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities, Martin Schulze, 15:04
[Full-Disclosure] [USN-77-1] Squid vulnerabilities, Martin Pitt, 14:14
[Full-Disclosure] [gentoo-announce] [ GLSA 200502-07 ] OpenMotif: Multiple vulnerabilities in libXpm, Thierry Carrez, 10:12
[Full-Disclosure] [USN-76-1] Emacs vulnerability, Martin Pitt, 09:31

February 06, 2005

[Full-Disclosure] [ GLSA 200502-06 ] LessTif: Multiple vulnerabilities in libXpm, Thierry Carrez, 18:43

February 05, 2005

Re: [Full-Disclosure] Re: [USN-74-1] Postfix vulnerability, FRLinux, 23:38
[Full-Disclosure] Re: [USN-74-1] Postfix vulnerability, Wietse Venema, 21:46
[Full-Disclosure] Multiple SQL injection in Chipmunk forum, GHC vision, 17:13
[PersianHacker.NET 200502-05] WWWoard passwd, Pedram Hayati, 17:03
Foxmail Server Remote Buffer Overflow Vulnerability, Xin Ouyang, 16:53
Re: Wireless networks/Default Admin username security problem in Croatia, Denis Jedig, 16:43
Re: Input Validation Vulnerability in Apple Safari version 1.2.4 v125.12, Nicolas Gregoire, 16:33
[Full-Disclosure] NGircd <= 0.8.1 Remote DoS (exploit), CorryL, 16:02
[Full-Disclosure] directory traversal in RaidenHTTPD 1.1.27, Donato Ferrante, 11:20
[SECURITY] [DSA 667-1] New squid packages fix several vulnerabilities, Martin Schulze, 01:16
[Full-Disclosure] Webroot Software Resigns from COAST, Paul Laudanski, 00:36

February 04, 2005

Input Validation Vulnerability in Apple Safari version 1.2.4 v125.12, Jonathan Rockway, 23:56
Re: Squirrelmail vacation v0.15 local root exploit, p dont think, 23:36
Re: [ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4, Denis Jedig, 22:55
[SECURITY] [DSA 667-1] New PostgreSQL packages fix arbitrary library loading, Martin Schulze, 22:25
Wireless networks/Default Admin username security problem in Croatia, Radoslav Dejanović, 21:55
[SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access, Martin Schulze, 21:05
[Full-Disclosure] Exploit For Savant Web Server 3.1 (tested on win2003), CorryL, 19:54
[Full-Disclosure] [USN-74-2] Fixed Postfix packages for USN-74-1, Martin Pitt, 14:11
[Full-Disclosure] Re: [Linux kernel ipv6_setsockopt integer overflow], qobaiashi, 13:41
[Full-Disclosure] [USN-75-1] cpio vulnerability, Martin Pitt, 07:49
[Full-Disclosure] [USN-74-1] Postfix vulnerability, Martin Pitt, 06:38

February 03, 2005

Re: [Linux kernel ipv6_setsockopt integer overflow], Dan Yefimov, 20:44
[ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4, laurent oudot, 20:24
Python Security Advisory PSF-2005-001 - SimpleXMLRPCServer.py, Guido van Rossum, 18:13
ngIRCd <= v0.8.2 Format String Vulnerability, CoKi, 18:03
RE: SECURITEY.NNOV.RU NewsPost buffer overflow [EXPLOIT], cybertronic, 17:53
RE: Google getting smarter ?!?!, Scott Jacobson, 17:43
New presentation: Advanced SQL Injection in Oracle databases, Esteban Martínez Fayó, 17:33
MDKSA-2005:029 - Updated vim packages fix vulnerabilities, Mandrakelinux Security Team, 17:23
[Full-Disclosure] DoS in LANChat Pro Revival 1.666c, Donato Ferrante, 16:12
[Full-Disclosure] [Linux kernel ipv6_setsockopt integer overflow], qobaiashi, 15:12
[Full-Disclosure] [USN-73-1] Python vulnerability, Martin Pitt, 14:01
SV: Zyxel / Netgear and probably other routers leaking information., Jens Kalvik, 00:14

February 02, 2005

[Full-Disclosure] [ GLSA 200502-05 ] Newspost: Buffer overflow vulnerability, Luke Macken, 22:03
Re: [Full-Disclosure] [ GLSA 200501-40 ] ngIRCd: Buffer overflow, qobaiashi, 21:53
[Full-Disclosure] PayPal /webscr currency substitution exploit?, 2600hz, 21:43
Google getting smarter ?!?!, John Madden, 20:43
Re[2]: WinAmp POC: How to get 900+ shellcodespace!?, Viktor E Larionov, 20:32
Portcullis Advisory 05-009 Update, Webseries Payment Application, Paul J Docherty, 20:22
Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues, exon, 20:12
Windows Security Checklists - 10 Parts, Paul Laudanski, 19:52
Gallery is still vulnerable to Cross-site Scripting attacks, Jon Keating, 19:12
Portcullis Advisory 05-008 Update, Webseries Payment Application, Paul J Docherty, 18:52
Portcullis Advisory 05-007 Update, Webseries Payment Application, Paul J Docherty, 18:42
[VulnWatch] High Risk Vulnerabilities in Eudora Mail Client, NGSSoftware Insight Security Research, 18:32
Portcullis Advisory 05-006 Update, Webseries Payment Application, Paul J Docherty, 18:31
[Full-Disclosure] UNIX Tar Security Advisory from TEAM PWN4GE, Team Pwnge, 18:21
Portcullis Advisory 05-001 Update, Webseries Payment Application, Paul J Docherty, 18:21
Portcullis Advisory 05-005 Update, Webseries Payment Application, Paul J Docherty, 18:01
[Full-Disclosure] [ GLSA 200502-04 ] Squid: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 17:51
[SIG^2 G-TEC] DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities, chewkeong, 17:51
7a69Adv#21 - WinRAR unpack one-folder path disclosure, Albert Puigsech Galicia, 17:41
7a69Adv#20 - ZipGenius unpack one-folder path disclosure, Albert Puigsech Galicia, 17:21
Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues, Trog, 16:10
7a69Adv#19 - ZipGenius unpack path disclosure, Albert Puigsech Galicia, 16:00
MDKSA-2005:026 - Updated imap packages fix authentication vulnerability, Mandrakelinux Security Team, 15:50
MDKSA-2005:027 - Updated chbg packages fix vulnerability, Mandrakelinux Security Team, 15:30
MDKSA-2005:028 - Updated ncpfs packages fix vulnerabilities, Mandrakelinux Security Team, 15:10
[SECURITY] [DSA 664-1] New cpio packages fix insecure file permissions, Martin Schulze, 14:50
Re:WinAmp POC: How to get 900+ shellcodespace!?, lists, 14:29
[Full-Disclosure] Limited buffer-overflow in Painkiller 1.35, Luigi Auriemma, 14:09
[Full-Disclosure] [USN-72-1] Perl vulnerabilities, Martin Pitt, 11:17
Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues, Darren Bounds, 11:07
[Full-Disclosure] [ GLSA 200502-03 ] enscript: Multiple vulnerabilities, Thierry Carrez, 10:47
[Full-Disclosure] [ GLSA 200502-02 ] UW IMAP: CRAM-MD5 authentication bypass, Sune Kloppenborg Jeppesen, 07:56
[Full-Disclosure] SQL injection in EveryDNS.net Service, Calum Power, 02:54

February 01, 2005

[Full-Disclosure] [FLSA-2005:2272] Updated unarj package fixes security issue, Marc Deslauriers, 23:02
[Full-Disclosure] [FLSA-2005:2187] Updated freeradius packages fix security flaws, Marc Deslauriers, 22:52
[Full-Disclosure] [FLSA-2005:2255] Updated zip package fixes security issue, Marc Deslauriers, 22:52
Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues, Dack, 20:11
[SECURITY] [DSA 662-1] New squirrelmail package fixes several vulnerabilities, Martin Schulze, 18:20
[ GLSA 200502-01 ] FireHOL: Insecure temporary file creation, Matthias Geerdsen, 17:29
[SECURITY] [DSA 663-1] New prozilla packages fix arbitrary code execution, Martin Schulze, 17:19
[ Security Bulletin] SSRT5900 rev.0 HP-UX TGA daemon remote Denial of Service (DoS), Boren, Rich (SSRT), 11:46
[Full-Disclosure] [USN-71-1] PostgreSQL vulnerability, Martin Pitt, 11:36
Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues, Trog, 06:34
[Full-Disclosure] University of Phoenix - Outlook Express Unauthorized Configuration Manipulation, Adam Baldwin, 02:53