Network Security Archives

Bugtraq (date)

[Thread Index] [Top] [All Lists]

March 31, 2005

Security holes in the iTunes Music Store, Charles M. Hannum, 22:17
Reverse shell using netcat on AS/400, Shalom Carmel, 21:56
[Full-disclosure] (Paper) Programming: The Heart of Web Security, Sumy, 21:46
[Full-disclosure] RE: [ISN] How To Save The Internet, Nuno Costa, 21:16
(PAPER) "Vision of danger: The Firefox Greasemonkey", Piotr Bania, 21:16
Re: cPanel/WHM demo account problems, Beau Henderson, 21:06
RE: eBay Account Phishing with eBay Redirect - Ebay fixed this + related XSS hole, Rager, Anton (Anton), 20:56
RE: Invision Power Board v2.0.3 XSS vulnerabilities, alex, 20:45
WindowsXP malformed .wmf files DoS, liquid, 20:35
Re: DoS of LAN via D-Link switches, Scott Nelson, 20:25
Re: Bay Technical Associates telnet server logon bypass, Michael Brennen, 20:15
Bay Technical Associates telnet server logon bypass, nolimit bugtraq, 19:25
MDKSA-2005:063 - Updated htdig packages fix vulnerability, Mandrakelinux Security Team, 19:14
[Full-disclosure] [HV-HIGH] Microsoft Jet DB engine vulnerabilities, vuln, 19:04
MDKSA-2005:062 - Updated ipsec-tools packages fix vulnerability, Mandrakelinux Security Team, 17:52
MX Shop 1.1.1 and MX Kart 1.1.2 are vulnerable to multiple SQL injection vulnerabilities, dcrab, 17:42
MDKSA-2005:064 - Updated libexif packages fix vulnerability, Mandrakelinux Security Team, 17:21
RE: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS, Paul J Docherty, 16:50
Re: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS, Chris Paget, 16:40
Vendor Response to Portculis Advisory 05-002: Spectrum Cash Receipting System, Paul J Docherty, 16:19
cPanel/WHM demo account problems, Richard Stanway, 16:09
Re: DoS of LAN via D-Link switches, Joel Maslak, 15:58
bzip2 TOCTOU file-permissions vulnerability, Imran Ghory, 15:38
[CLA-2005:945] Conectiva Security Announcement - kernel, Conectiva Updates, 15:17
[Full-disclosure] [gentoo-announce] [ GLSA 200503-37 ] LimeWire: Disclosure of sensitive information, Thierry Carrez, 09:18
[Full-disclosure] [gentoo-announce] [ GLSA 200503-36 ] netkit-telnetd: Buffer overflow, Thierry Carrez, 08:58
[Full-disclosure] [ GLSA 200503-37 ] LimeWire: Disclosure of sensitive information, Thierry Carrez, 08:47
[Full-disclosure] [ GLSA 200503-36 ] netkit-telnetd: Buffer overflow, Thierry Carrez, 08:47

March 30, 2005

Multiple sql injection, and xss vulnerabilities in Pay pal Storefront, Diabolic Crab, 20:37
PaFileDB Version 3.1 and below are exploitable via a XSS and a SQL injection vulnerability, dcrab, 19:06
Re: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS, Kurt Seifried, 18:45
Re: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software., dcrab, 18:15
Re: DoS of LAN via D-Link switches, Neil Watson, 18:15
RE: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS, Paul J Docherty, 18:05
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack, Cisco Systems Product Security Incident Response Team, 13:52
MDKSA-2005:061 - Updated krb5 packages fix telnet client vulnerability, Mandrakelinux Security Team, 13:42
[Full-disclosure] [gentoo-announce] [ GLSA 200503-35 ] Smarty: Template vulnerability, Thierry Carrez, 12:11
[Full-disclosure] [ GLSA 200503-35 ] Smarty: Template vulnerability, Thierry Carrez, 12:01

March 29, 2005

Portcullis Security Advisory 05-011 ACPI 1.6 BIOS, Paul J Docherty, 21:52
[PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior Multiple Vulnerbilities, PersianHacker Team, 21:52
Multiple phpCoin Vulnerabilities, GulfTech Security Research, 21:31
Re: DoS of LAN via D-Link switches, Tarmo Mamers, 21:21
Multiple XSS vulnerabilities in ACS Blog, Dan Crowley, 21:11
abuse & security issues > Israel, Gadi Evron, 20:51
Code insertion in Blogger comments, Antone Roundy, 20:31
[Full-disclosure] Hacked: Who Else Is Using Your Computer?, Paul Laudanski, 20:11
RE: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software., GulfTech Security Research, 20:11
[PersianHacker.NET 200503-12]Chatness 2.5.1 and prior XSS Vulnerabilities, PersianHacker Team, 20:01
Re: Security Flaw with Digital signatures in Microsoft Outlook, dori, 19:51
Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability, Ga=EBl?= Delalleau, 19:41
[SECURITY] [DSA 697-1] New netkit-telnet packages fix arbitrary code execution, Martin Schulze, 19:30
Code insertion in Blogger comments, Antone Roundy, 19:10
Multiple sql injection, and xss vulnerabilities in PortalApp, dcrab, 19:00
Invision Power Board v2.0.3 XSS vulnerabilities, hoang yen, 18:50
Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability, Tavis Ormandy, 18:50
Re: TCP timestamp & advanced fingerprinting, Erwan Arzur, 18:40
Multiple sql injection, and xss vulnerabilities in AspApp, dcrab, 18:30
directory traversal in FastStone 4in1 Browser 1.2, Donato Ferrante, 18:30
MITKRB5-SA-2005-001: buffer overflows in telnet client, Tom Yu, 18:10
RE: DoS of LAN via D-Link switches, David Gillett, 17:49
[SECURITY] [DSA 699-1] New netkit-telnet-ssl packages fix arbitrary code execution, Martin Schulze, 17:49
Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum (E-XOOPS), dcrab, 17:19
Re: phishing sites report - March/2005, Gadi Evron, 16:58
Re: phishing sites report - March/2005, Paul Laudanski, 16:48
THai's Shoutbox XSS (Spoofing URL) BUG, CorryL, 16:48
[SECURITY] [DSA 698-1] New mc packages fix buffer overflow, Martin Schulze, 16:38
DoS of LAN via D-Link switches, Frank Bures, 16:18
[Full-disclosure] [USN-102-1] shar vulnerabilities, Martin Pitt, 09:23

March 28, 2005

Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software, dcrab, 21:28
phishing sites report - March/2005, Gadi Evron, 20:37
Multiple XSS issues in Sun AnswerBook2, B00B00, 20:27
RE: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off, Eitan Caspi, 20:07
Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability, Solar Designer, 20:07
Multiple XSS vulnerabilities in ACS Blog, Dan Crowley, 19:57
Re: smail remote and local root holes (really, it is exploitable), sean, 19:06
Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum (E-XOOPS), dcrab, 18:56
Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software., dcrab, 18:36
Multiple sql injection, and xss vulnerabilities in Vladersoft Shopping Cart v.3.0, dcrab, 18:26
Buffer-overflow in Tincat 2 minor than 2.0.28 (Sacred, Settlers 5 and others), Luigi Auriemma, 18:06
[CLA-2005:942] Conectiva Security Announcement - ethereal, Conectiva Updates, 17:46
iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability, iDEFENSE Labs, 17:35
[Full-disclosure] [VulnWatch] Re: ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6[Scanned], Paul Laudanski, 17:35
iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client env_opt_add() Buffer Overflow Vulnerability, iDEFENSE Labs, 17:35
FreeBSD Security Advisory FreeBSD-SA-05:01.telnet, FreeBSD Security Advisories, 17:25
[Full-disclosure] [USN-101-1] telnet vulnerabilities, Martin Pitt, 15:34
[Full-disclosure] [ GLSA 200503-34 ] mpg321: Format string vulnerability, Sune Kloppenborg Jeppesen, 10:52

March 27, 2005

[Full-disclosure] local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5, advisories, 11:52

March 26, 2005

Re: smail remote and local root holes (no, really ;-), sean, 18:55
Brute-Force scanning the entire 32-bit IP space using Javascript., cyber_flash, 17:04
RE: TCP timestamp & advanced fingerprinting, Bruce Klein, 16:54
Re: smail remote and local root holes (no, not really ;-), Greg A. Woods, 16:44
Re: Secure Science issues preview of their upcoming block cipher, devnull, 16:34
Re: Security Flaw with Digital signatures in Microsoft Outlook, Anthony G. Atkielski, 16:34
File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition, dcrab, 16:24
Re: New Whitepaper: Anti Brute Force Resource Metering, Luca Berra, 16:14
RE: [bugtraq] Security Flaw with Digital signatures in Microsoft Outlook, Lyal Collins, 16:04
QuickTime malformed JPEG buffer overflow, liquid, 16:04
AS/400 LDAP user accounts disclosure, Shalom Carmel, 15:53
[Full-disclosure] Re: ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6, Paul Laudanski, 15:43
ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6, Gerardo Astharot Di Giacomo, 15:43

March 25, 2005

phpbb 2.0.13 Exploit (bug), tOnk3r, 16:42
Re: Secure Science issues preview of their upcoming block cipher, Ralf-Philipp Weinmann, 16:22
TCP timestamp & advanced fingerprinting, Erwan Arzur, 16:02
Re: [FLSA-2005:2129] Updated mysql packages fix security issues, Ventsislav Genchev, 15:42
[Full-disclosure] [ GLSA 200503-33 ] IPsec-Tools: racoon Denial of Service, Matthias Geerdsen, 15:42
Re: [FLSA-2005:2129] Updated mysql packages fix security issues, Ventsislav Genchev, 15:32
Re: [bugtraq] Security Flaw with Digital signatures in Microsoft Outlook, Erwann ABALEA, 15:01
RE: Security Flaw with Digital signatures in Microsoft Outlook, Adrian Floarea, 14:51
Re: Secure Science issues preview of their upcoming block cipher, David Covin, 14:51
Re: Secure Science issues preview of their upcoming block cipher, Jerrold Leichter, 14:41
Netcomm 1300NB DSL Modem Denial of Service, Chris Rock, 14:31
RX250305 - OpenMosixView : Multiple Race conditions - advisory and exploit, rexolab, 14:21
smail remote and local root holes, sean, 14:21
Re: New Whitepaper: Anti Brute Force Resource Metering, Amit Klein (AKsecurity), 14:11
Re: New Whitepaper: Anti Brute Force Resource Metering, Joachim Schipper, 14:01
phpMyDirectory 10.1.3-rel Cross site scripting, mircia mircia, 13:51
Re: Secure Science issues preview of their upcoming block cipher, Adam Shostack, 13:51
Security Flaw with Digital signatures in Microsoft Outlook, Roberto Franceschetti, 13:40
[Full-disclosure] [ GLSA 200503-32 ] Mozilla Thunderbird: Multiple vulnerabilities, Thierry Carrez, 10:39
[Full-disclosure] [ GLSA 200503-31 ] Mozilla Firefox: Multiple vulnerabilities, Thierry Carrez, 10:19
[Full-disclosure] [ GLSA 200503-30 ] Mozilla Suite: Multiple vulnerabilities, Thierry Carrez, 10:09
Re: [Full-disclosure] o2 Germany promotes SMS-Phishing, Ádám Szilveszter dr., 04:47
[Full-disclosure] Re: [lists] Which anti-spyware cleaner is the best?, Elliott Bäck, 01:15
[Full-disclosure] Re: [lists] Which anti-spyware cleaner is the best?, Paul Laudanski, 00:35

March 24, 2005

LogicLibrary BugScan VSR,Trillian 2.0, 3.0 and 3.1, Matt Hargett, 22:44
Re: Firescrolling 2 [Firefox 1.0.1], John Madden, 21:34
Secure Science issues preview of their upcoming block cipher, BugTraq, 21:24
[Full-disclosure] [FLSA-2005:2268] Updated spamassassin package fixes security issues, Marc Deslauriers, 20:23
[Full-disclosure] [FLSA-2005:2129] Updated mysql packages fix security issues, Marc Deslauriers, 20:23
[Full-disclosure] [FLSA-2005:2155] Updated sharutils package fixes security issues, Marc Deslauriers, 20:23
Re: New Whitepaper: Anti Brute Force Resource Metering, Jason W, 19:53
[Full-disclosure] [ GLSA 200503-29 ] GnuPG: OpenPGP protocol attack, Thierry Carrez, 19:12
[Full-disclosure] [ GLSA 200503-28 ] Sun Java: Web Start argument injection vulnerability, Thierry Carrez, 18:52
[Full-disclosure] Which anti-spyware cleaner is the best?, Paul Laudanski, 18:01
SUSE Security Announcement: MySQL vulnerabilities (SUSE-SA:2005:019), Marcus Meissner, 15:50
SUSE Security Announcement: several kernel security problems (SUSE-SA:2005:018), Marcus Meissner, 14:49
Oracle Reports Server 10g Vulnerable to XSS, Paolo Paolo, 14:29
[Full-disclosure] o2 Germany promotes SMS-Phishing, pentest, 14:19
Firescrolling 2 [Firefox 1.0.1], mikx, 14:19
Hashcash in mail (was: New Whitepaper: Anti Brute Force Resource Metering), Peter J. Holzer, 14:09
Black Hat Briefings & Trainings: Registration now open!, Jeff Moss, 13:58
Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB, Alberto Trivero, 13:48
[Full-disclosure] [USN-100-1] cdrecord vulnerability, Martin Pitt, 07:45
[Full-disclosure] [USN-99-2] Fixed php4 packages for USN-99-1, Martin Pitt, 06:04
[Full-disclosure] Re: [ISN] How To Save The Internet, Devdas Bhagat, 04:34

March 23, 2005

RE: Details of Sybase ASE bugs withheld, Evans, Arian, 20:00
RE: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off, Scrimsher, John P, 20:00
Re: [ISN] How To Save The Internet, Derek Martin, 19:50
[Full-disclosure] RE: [ISN] How To Save The Internet, Michael Wojcik, 18:29
RE: [Full-disclosure] RE: [ISN] How To Save The Internet, Glenn_Everhart, 17:59
[SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11, Maksymilian Arciemowicz, 17:59
[Full-disclosure] Re: [ISN] How To Save The Internet, Ben Vaisvil, 17:49
RE: Java Web Start argument injection vulnerability, James C Slora Jr, 17:49
RE: Possible windows+python bug, Peter Oswald, 17:08
Re: New Whitepaper: Anti Brute Force Resource Metering, Gunter Ollmann, 16:58
Vortex Portal, Francisco Alisson, 16:58
Re: osCommerce File Manager Directory Traversal Vulnerability, Aikanáro Calaelen, 16:48
Interspire ArticleLive 2005 (php version) is vulnerable to XSS, mircia mircia, 16:37
Re: [ISN] How To Save The Internet, Thor (Hammer of God), 16:27
[Full-disclosure] Re: [ISN] How To Save The Internet, Jason Coombs, 16:17
Re: Possible windows+python bug, Kinnell, 16:17
Notacon: Apr. 8-10, 2005 in Cleveland, OH, Froggy, 16:07
[Full-disclosure] RE: [ISN] How To Save The Internet, Arndt . WA, 15:57
SUSE Security Announcement: ImageMagick problems (SUSE-SA:2005:017), Marcus Meissner, 15:57
Re: Details of Sybase ASE bugs withheld, Jay Libove, 15:47
Backdoors in AS/400 emulations allow the server to attack connected PC workstations, Shalom Carmel, 15:47
Re: Possible windows+python bug, liquid, 15:37
Re: [VulnWatch] Details of Sybase ASE bugs withheld, Peter J. Holzer, 15:27
RE: [VulnWatch] Details of Sybase ASE bugs withheld, http-equiv@excite.com , 15:27
Re: New Whitepaper: Anti Brute Force Resource Metering, Peter J. Holzer, 15:17
[SIG^2 G-TEC] SurgeMail Webmail Attachment Upload and XSS Vulnerabilities, chewkeong, 14:56
Re: [VulnWatch] Details of Sybase ASE bugs withheld, Simple Nomad, 13:36

March 22, 2005

Security Development Lifecycle Whitepaper Available, Michael Howard, 21:08
Re: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off, Eitan Caspi, 20:38
Re: Possible windows+python bug, azurIt, 20:18
[Full-disclosure] root-equivalent groups, psz, 19:27
[Full-disclosure] Re: [ISN] How To Save The Internet, Jason Coombs, 19:17
RE: [VulnWatch] Details of Sybase ASE bugs withheld, Marchand, Tom, 18:57
Re: Possible windows+python bug, Neil Schemenauer, 18:47
RE: [VulnWatch] Details of Sybase ASE bugs withheld, Chris Wysopal, 18:47
Re: [VulnWatch] Details of Sybase ASE bugs withheld, sean, 18:37
[Full-disclosure] RE: [ISN] How To Save The Internet, Marchand, Tom, 18:16
osCommerce File Manager Directory Traversal Vulnerability, Megasky, 17:46
RE: [VulnWatch] Details of Sybase ASE bugs withheld, Marchand, Tom, 17:26
RE: [Full-disclosure] Re: CISSP Test, Forbes, Robert R, 16:35
Black Hat Briefings & Trainings: Registration now open!, Jeff Moss, 16:15
[ Positive Technologies #SA] Phorum "location" HTTP Response Splitting Vulnerability, Alexander Anisimov, 15:55
Re: New Whitepaper: Anti Brute Force Resource Metering, Amit Klein (AKsecurity), 15:55
Re: [Full-disclosure] Re: CISSP Test, Andre Ludwig, 15:55
RE: [Full-disclosure] CISSP Test, David Chastain, 15:45
Nortel VPN Client Issue: Clear-text password stored in memory, Roy Hills, 15:45
Possible windows+python bug, liquid, 15:45
[Full-disclosure] Re: CISSP Test, robert, 15:35
[SECURITY] [DSA 696-1] New perl packages fix privilege escalation, Martin Schulze, 15:35
Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off, BoneMachine, 15:25
RUXCON 2005 Call for Papers, RUXCON Call for Papers, 15:14
RE: [Full-disclosure] CISSP Test, Forbes, Robert R, 15:14
Mac OSX[CF_CHARSET_PATH]: local root exploit., Vade 79, 15:04
Kayako eSupport Cross Site Scripting, GulfTech Security Research, 14:54
MDKSA-2005:060 - Updated MySQL packages fix multiple vulnerabilities, Mandrakelinux Security Team, 14:44
[Full-disclosure] RE: [ISN] How To Save The Internet, David Gillett, 14:34
Re: Thoughts and a possible solution on homograph attacks, Nick FitzGerald, 14:24
Re: [Full-disclosure] CISSP Test, David Chastain, 14:24
Re: [Full-disclosure] CISSP Test, Vladamir, 13:23
RE: [Full-disclosure] CISSP Test, Wade Woolwine, 13:03
RE: [Full-disclosure] CISSP Test, Forbes, Robert R, 12:53
[Full-disclosure] CISSP Test, Vladamir, 12:53
[Full-disclosure] Re: [ISN] How To Save The Internet, Scott Berinato, 12:13
[Full-disclosure] Re: [ISN] How To Save The Internet, Scott Berinato, 12:13
[Full-disclosure] Re: [ISN] How To Save The Internet, Keith Oxenrider, 12:13
[Full-disclosure] Re: [ISN] How To Save The Internet, Scott Berinato, 12:13

March 21, 2005

SecurityForest Exploitation Framework Beta has been released!, Alon Swartz, 20:26
Re: [VulnWatch] Details of Sybase ASE bugs withheld, sean, 20:16
iDEFENSE Security Advisory 03.21.05: Mac OS X CF_CHARSET_PATH Buffer Overflow Vulnerability, iDefense Customer Service, 19:55
Re: [VulnWatch] Details of Sybase ASE bugs withheld, David Litchfield, 19:45
[Full-disclosure] Re: [ISN] How To Save The Internet, Jason Coombs, 19:35
Re: [VulnWatch] Details of Sybase ASE bugs withheld, Halvar Flake, 18:25
New Whitepaper: Anti Brute Force Resource Metering, Gunter Ollmann (NGS), 17:44
phpMyFamily 1.4.0 SQL vulnerabilities, kre0n, 17:34
[VulnWatch] Details of Sybase ASE bugs withheld, NGSSoftware Insight Security Research, 17:14
Re: Thoughts and a possible solution on homograph attacks, Duncan Simpson, 16:13
phpMyFamily 1.4.0 SQL vulnerabilities, kreon, 15:53
-==PVDasm Long Name Debug Vulnerability==-, HaCkZaTaN, 15:33
Re: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability, Sheldon King, 15:33
Fw: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability, Sheldon King, 15:23
Fw: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability, Sheldon King, 15:02
[Full-disclosure] [gentoo-announce] [ GLSA 200503-27 ] Xzabite dyndnsupdate: Multiple vulnerabilities, Thierry Carrez, 14:52
[SECURITY] [DSA 695-1] New xli packages fix several vulnerabilities, Martin Schulze, 14:52
Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off, Eitan Caspi, 14:42
TSL-2005-0009 - multi, Trustix Security Advisor, 14:32
2 vulnerabilities in BetaParticle, farhad koosha, 14:32
[CLA-2005:940] Conectiva Security Announcement - curl, Conectiva Updates, 14:22
-==CoolForum Path Disclosure & Possible SQL Injection==-, HaCkZaTaN, 14:22
Re: Few remote bugs in zPanel, Kris Anderson, 14:01

March 20, 2005

[Full-disclosure] [ GLSA 200503-26 ] Sylpheed, Sylpheed-claws: Message reply overflow, Luke Macken, 21:04
[Full-disclosure] [ GLSA 200503-25 ] OpenSLP: Multiple buffer overflows, Thierry Carrez, 18:53
[Full-disclosure] [ GLSA 200503-24 ] LTris: Buffer overflow, Sune Kloppenborg Jeppesen, 17:22
[Full-disclosure] [ GLSA 200503-23 ] rxvt-unicode: Buffer overflow, Sune Kloppenborg Jeppesen, 17:22
RE: [Full-disclosure] Re: Social Engineering: You Have Been A Victim, Allan, 17:02

March 19, 2005

OllyDbg long process Module debug Vulnerability, ATmaCA ATmaCA, 15:52
[PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability, PersianHacker Team, 15:42
Ciamos Highlight.php Security Hole(IHS), Majid NT, 15:32
Ciamos Installation path(IHS), Majid NT, 15:32
[Full-disclosure] [ GLSA 200503-22 ] KDE: Local Denial of Service, Sune Kloppenborg Jeppesen, 05:48

March 18, 2005

RE: [phpbb <= 2.0.13 full path disclosure & directory listing], Paul S. Owen, 21:04
IceCast up to v2.20 multiple vulnerabilities, Patrick, 20:14
Re: SAV9 Functionality Hole - misses virus files, secure, 19:53
Re: [Full-disclosure] Social Engineering: You Have Been A Victim, bkfsec, 19:43
Re: [Full-disclosure] Truth, Justice and the Ordinary Person, Paul Laudanski, 19:33
[phpbb <= 2.0.13 full path disclosure & directory listing], JoCaNoR SeCuRiTy TeaM, 17:32
Re: [Full-disclosure] Truth, Justice and the Ordinary Person, Valdis . Kletnieks, 17:22
Java Web Start argument injection vulnerability, Jouko Pynnonen, 16:42
PHP-Post Exploit, Terencentanio Enache, 16:22
runcms highlight.php hole, Majid NT, 16:12
runcms installation path, Majid NT, 16:02
[Full-disclosure] Re: Social Engineering: You Have Been A Victim, Tomas Piling, 15:11
Re: [Full-disclosure] Social Engineering: You Have Been A Victim, Jay D. Dyson, 14:41
[Full-disclosure] Truth, Justice and the Ordinary Person, Paul Laudanski, 14:41
Re: [Full-disclosure] Social Engineering: You Have Been A Victim, Paul Laudanski, 14:31
Re: [Full-disclosure] Social Engineering: You Have Been A Victim, Paul Laudanski, 14:31
Re: SAV9 Functionality Hole - misses virus files, patrickwm71, 14:31
Re: Linux ISO9660 handling flaws, Dan Yefimov, 14:21
possible SQL injection in Subdreamer, GHC team, 14:10
myPHP Forum v1, 2 & 3, Terencentanio Enache, 13:50
[PersianHacker.NET 200503-09]PHPOpenChat v3.x XSS Multiple Vulnerability, PersianHacker Team, 13:40
[Full-disclosure] [USN-99-1] PHP4 vulnerabilities, Martin Pitt, 11:39
[Full-disclosure] Security Contact at RSA?, Gary O'leary-Steele, 08:48
[Full-disclosure] Cain & Abel PSK Sniffer Heap overflow, Gary O'leary-Steele, 08:28
Re: [Full-disclosure] Social Engineering: You Have Been A Victim, Ron DuFresne, 01:15
[Full-disclosure] Re: Windows Security Checklists - 10 Parts, Paul Laudanski, 01:05
[Full-disclosure] Social Engineering: You Have Been A Victim, Paul Laudanski, 00:55

March 17, 2005

Linux ISO9660 handling flaws, Michal Zalewski, 20:23
Kevin Walsh: LimeWire Gnutella client two vulnerabilities, Ill will, 18:02
LLSSRV Redux, Dave Aitel, 17:52
Another includer.cgi problem?, cout, 17:32
Re: PlatinumFTPserver format string vulnerability ( IHSTeam ), Gary H. Jones II, 17:22
MDKSA-2005:058 - Updated kdelibs packages fix multiple vulnerabilities, Mandrakelinux Security Team, 17:22
PHP mcNews arbitrary file inclusion, Jonathan Whiteley, 17:12
XSS in ACS blog, farhad koosha, 17:01
Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries() API specially crafted EMF file DOS vulnerability, Hongzhen Zhou, 16:41
[CLA-2005:937] Conectiva Security Announcement - cyrus-imapd, Conectiva Updates, 16:21
See-security Advisory: Format string vulnerability in MailEnable 1.8, a a, 16:11
[Full-disclosure] [USN-98-1] OpenSLP vulnerabilities, Martin Pitt, 15:10
[Full-disclosure] [ GLSA 200503-21 ] Grip: CDDB response overflow, Luke Macken, 15:00
MDKSA-2005:059 - Updated evolution packages fix crasher, Mandrakelinux Security Team, 14:50
LLSSRV Clarifications <Immunity>, Dave Aitel, 14:40
Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Tomasz Papszun, 12:59

March 16, 2005

Re: GoodTech Telnet Server Buffer Overflow Vulnerability [EXPLOIT], cybertronic, 21:22
Re: Thoughts and a possible solution on homograph attacks, Riccardo Murri, 20:52
RE: Denial of Service Vulnerability in MySQL Server for Windows, BugTrap, 20:01
RE: SAV9 Functionality Hole - misses virus files, batchelornpe, 18:05
Servers Alive: Local Privilege Escalation, Michael Starks, 17:24
ASPjar Tell-a-Friend, farhad koosha, 17:04
PlatinumFTPserver format string vulnerability ( IHSTeam ), c0d3r, 16:54
SAV9 Functionality Hole - misses virus files, secure, 16:54
[USN-97-1] libxpm vulnerability, Martin Pitt, 16:34
[CLA-2005:934] Conectiva Security Announcement - kdenetwork, Conectiva Updates, 16:14
Re: Thoughts and a possible solution on homograph attacks, khockenb, 16:04
SUSE Security Announcement: multiple Mozilla Firefox vulnerabilities (SUSE-SA:2005:016), Marcus Meissner, 15:53
MDKSA-2005:057 - Updated gnupg packages fix vulnerability, Mandrakelinux Security Team, 15:53
Multiple KDE Security Advisories (2005-03-16), Waldo Bastian, 15:43
MDKSA-2005:056 - Updated koffice packages fix vulnerabilities on 64 bit platforms, Mandrakelinux Security Team, 15:33
MDKSA-2005:055 - Updated openslp packages fix multiple vulnerabilities, Mandrakelinux Security Team, 15:23
MDKSA-2005:054 - Updated cyrus-sasl packages fix vulnerability, Mandrakelinux Security Team, 15:13
MDKSA-2005:053 - Updated ethereal packages fix multiple vulnerabilities, Mandrakelinux Security Team, 15:03
[Full-disclosure] [ GLSA 200503-20 ] curl: NTLM response buffer overflow, Sune Kloppenborg Jeppesen, 14:01
[Full-disclosure] [ GLSA 200503-19 ] MySQL: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 13:11
RE: [Full-disclosure] Re: Av issues, Sean Crawford, 13:11
[Full-disclosure] ADVISORY: DataRescue Interactive Disassembler Pro Debugger Format String Vulnerability, Piotr Bania, 12:50
[Full-disclosure] Re: Av issues, bipin gautam, 12:20
[Full-disclosure] Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Dr. Peter Bieringer, 07:08
[Full-disclosure] [USN-96-1] mySQL vulnerabilities, Martin Pitt, 05:38

March 15, 2005

Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Rodrigo Barbosa, 22:24
[Full-disclosure] Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Michael J. Pomraning, 21:34
Re: Thoughts and a possible solution on homograph attacks, Valdis . Kletnieks, 21:34
Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Nigel Horne, 21:34
Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Thierry Zoller, 21:33
[Full-disclosure] Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Thierry Zoller, 21:33
[Full-disclosure] Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Thierry Zoller, 21:33
RE: SAV9 Functionality Hole - misses virus files, Dewyngaert Brian Contr ANG/C4, 21:33
[Full-disclosure] Re: Av issues, Thierry Zoller, 21:33
Re: Thoughts and a possible solution on homograph attacks, Riccardo Murri, 21:33
[Full-disclosure] Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Dr. Peter Bieringer, 21:33
Re: SAV9 Functionality Hole - misses virus files, Ben Blakely, 21:33
RE: SAV9 Functionality Hole - misses virus files, Polazzo Justin, 21:33
[ISR] - Novell iChain Mini FTP Server Bruteforce Problem, Francisco Amato, 21:33
Re: Av issues, Yves Belle-Isle, 21:33
Denial of Service Vulnerability in MySQL Server for Windows, Luca Ercoli, 21:33
[Full-disclosure] GoodTech Telnet Server Buffer Overflow Vulnerability, Komrade, 21:33
Re: SAV9 Functionality Hole - misses virus files, Harry Hoffman, 21:33
[ISR] Insecure communication and Reproduce the Session authentication, Francisco Amato, 21:33
[ISR] - Novell iChain Mini FTP Server Unauthorized Remote Path Disclosure Vulnerability, Francisco Amato, 21:33
[ISR] - Novell iChain Mini FTP Server Valid User Disclosure Vulnerability, Francisco Amato, 21:33
Virginity Security Advisory 2005-002 : Hola CMS - Another File destruction and System access, Virginity Security, 21:33
Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Rodrigo Barbosa, 21:33
RE: [Full-disclosure] Unfiltered escape sequences in filenamescontained in ZIP archives wouldn't be escaped on displaying orlogging, and can also lead to bypass AV scanning, Debasis Mohanty, 21:33
Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Dr. Peter Bieringer, 21:33
Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, bipin gautam, 21:33
Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, bipin gautam, 21:33
Few remote bugs in zPanel, Mik-, 21:33
Re: PlantinumFTP server <= 1.0.18 Remote DOS exploit, Gary H. Jones II, 21:33
SAV9 Functionality Hole - misses virus files, me3, 21:33
[Full-disclosure] UPDATE: [ GLSA 200501-38 ] Perl: rmtree and DBI tmpfile vulnerabilities, Thierry Carrez, 21:33
[Full-disclosure] [ GLSA 200503-18 ] Ringtone Tools: Buffer overflow vulnerability, Luke Macken, 21:33
[Full-disclosure] [USN-95-1] Linux kernel vulnerabilities, Martin Pitt, 21:33
Re: html code include in phpnuke news crash IE 6, Berend-Jan Wever, 21:32
phpbb cookie admin access, pureone, 21:32
Re: Av issues, Thierry Zoller, 21:32
phpbb <= 2.0.12 uid vuln + admin_styles.php php code injection exploit, bad boy, 21:32
PlantinumFTP server <= 1.0.18 Remote DOS exploit, Exoduks, 21:32
html code include in phpnuke news crash IE 6, WoRmZ Web, 21:32
RE: Av issues, David Webster, 21:32
Not SQL injection and XSS in paFileDB?, saudi linux, 21:32
iDEFENSE Security Advisory 03.14.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities, iDEFENSE Labs, 21:32
DMA[2005-0310a] - 'Frank McIngvale LuxMan buffer overflow', Kevin Finisterre, 21:32
"Drop to STARTUP Folder II" published on 2005/02/08, Liu Die Yu, 21:32
YaBB2 rc1 XSS, alireza hassani, 21:32
[SECURITYREASON.COM] phpAdsNew 2.0.4-pr1 Multiple vulnerabilities cXIb8O3.9, Maksymilian Arciemowicz, 21:32
Ethereal 0.10.9 and below remote root exploit, Diego Giagio, 21:31
Re: [Full-disclosure] Re: iDownload/iSearch responds to Spyware Critics, bkfsec, 21:31
...::: hotforum.nl XSS exploit :::..., Rebyte Security, 21:31
Master RPC program number data base (/etc/rpc), Eilon Gishri, 21:31
SimpGB SQL Injection Vulnerability, Alexander Müller, 21:31
[XSS] paBox 2.0, Rift, 21:31
[ZH2005-02SA] Insecure tmp file creation in Wine, Giovanni Delvecchio, 21:31
[HAT-SQUAD] SafeNet Sentinel LM, UDP License Manager Exploit, class 101, 21:31
New Version of WinBlox is Available, Liu Die Yu, 21:31
LimeWire Gnutella client two vulnerabilities, Kevin Walsh, 21:31
[SECURITY] [DSA 693-1] New luxman packages fix local root exploit, Martin Schulze, 21:31
SUSE Security Announcement: openslp (SUSE-SA:2005:015), Sebastian Krahmer, 21:31
[CLA-2005:933] Conectiva Security Announcement - gaim, Conectiva Updates, 21:31
[SECURITY] [DSA 662-2] New squirrelmail package fixes regression, Martin Schulze, 21:31
[Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Dr. Peter Bieringer, 21:30
Re: [Full-disclosure] Re: iDownload/iSearch responds to Spyware Critics, Valdis . Kletnieks, 21:30
RE: [Full-disclosure] Multiple AVVendorIncorrectCRC32BypassVulnerability., Steve Scholz, 21:30
[Full-disclosure] Re: iDownload/iSearch responds to Spyware Critics, King Fuddler, 21:29
[Full-disclosure] 3 XSS Vulnerabilities in Phorum <= 5.0.14, Jon Oberheide, 21:29
RE: [Full-disclosure] Multiple AVVendorIncorrectCRC32BypassVulnerability., bipin gautam, 21:29
RE: [Full-disclosure] Multiple AVVendorIncorrectCRC32BypassVulnerability., Steve Scholz, 21:29
RE: [Full-disclosure] Re: [Private]Multiple AV VendorIncorrectCRC32BypassVulnerability., bipin gautam, 21:29
RE: [Full-disclosure] Re: [Private]Multiple AV VendorIncorrectCRC32BypassVulnerability., bipin gautam, 21:29
Ethereal remote buffer overflow #2, LSS Security, 21:29
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, exon, 21:29
Re: [SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x cXIb8O3.1, Linux php, 21:29
Av issues, Bipin Gautam, 21:29
KnowledgeBase, Francisco Alisson, 21:29
[SECURITYREASON.COM] Mass Full Path Disclosure in paFileDB, SecurityReason, 21:29
aeNovo Database Content Disclosure Vulnerability, farhad koosha, 21:29
RE: Windows Server 2003 and XP SP2 LAND attack vulnerability, Miguel Angel Rodríguez Jódar, 21:29
Virginity Security Advisory 2005-001 : Hola CMS - File destruction and System access, Virginity Security, 21:29
PlatinumFTP 1.0.18 remote DoS, ports, 21:29
RE: Windows Server 2003 and XP SP2 LAND attack vulnerability, Daniel Cross, 21:29
Mysql CREATE FUNCTION libc arbitrary code execution., Stefano Di Paola, 21:29
Re: Thoughts and a possible solution on homograph attacks, Paul Smith, 21:29
summercon looking for speakers, louis, 21:29
[Full-disclosure] [ GLSA 200503-17 ] libexif: Buffer overflow vulnerability, Luke Macken, 21:29
[badroot.org] The Includer remote commands execution exploit, mozako, 21:29
Mysql CREATE FUNCTION mysql.func table arbitrary library injection, Stefano Di Paola, 21:29
[badroot.org] The Includer remote commands execution exploit, Federico Ozak, 21:29
PhotoPost PHP 5.0 RC3, and later, multiple vulnerabilities, Igor Franchuk, 21:29
[SECURITYREASON.COM] SQL injection and XSS in paFileDB, SecurityReason, 21:29
RE: [Full-disclosure] Re: [Private]Multiple AV VendorIncorrectCRC32BypassVulnerability., Steve Scholz, 21:29
[Full-disclosure] Re: [Private]Multiple AV Vendor IncorrectCRC32BypassVulnerability., bipin gautam, 21:29
[Full-disclosure] [ GLSA 200503-16 ] Ethereal: Multiple vulnerabilities, Luke Macken, 21:29
[Full-disclosure] [ GLSA 200503-15 ] X.org: libXpm vulnerability, Matthias Geerdsen, 21:29
[Full-disclosure] [Fwd: Re: Web security breach changes the lives of 119 people], Jason Coombs, 21:28
Re: Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability., secure, 21:28
[Full-disclosure] Re: iDownload/iSearch responds to Spyware Critics, bkfsec, 21:28
[SECURITYREASON.COM][phpBB 2.0.13 SQL error in session cXIb8O3.8], Maksymilian Arciemowicz, 21:28
Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability, Atom Smasher, 21:28
Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability, Ryan Cummings, 21:28
Security Masters Dojo, Dragos Ruiu, 21:28
UBB.threads 6 SQL Injection, kre0n, 21:28
Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability, Atom Smasher, 21:27
Re: houghts and a possible solution on homograph attacks, Nick FitzGerald, 21:27
iDownload/iSearch responds to Spyware Critics, Paul Laudanski, 21:27
RE: Windows Server 2003 and XP SP2 LAND attack vulnerability, Evans, Arian, 21:27
RE: Windows Server 2003 and XP SP2 LAND attack vulnerability, Detection Services - IS Security, 21:27
Wfsection 1.07 vulnerabilities, kreon, 21:27
iDEFENSE Security Advisory 03.10.05: Ipswitch Collaboration Suite IMAP EXAMINE Buffer Overflow Vulnerability, iDEFENSE Labs, 21:27
XCode 1.5 and distcc 2.x Exploit, Ray Slakinski, 21:26
Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability., Bipin Gautam, 21:26
[Full-disclosure] RE: [USN-94-1] Perl vulnerability, secalert, 21:26
[Full-disclosure] Multiple Vulnerabilities of PY Software Active Webcam WebServer, Sowhat ., 21:26
[Full-disclosure] [Updated][FLSA-2005:2344] Updated php packages fix security issues, Marc Deslauriers, 21:25
Update: MS05-011 EEYE: Windows SMB Client Transaction Response Handling Vulnerability, Marc Maiffret, 21:25
[Security Bulletin] SSRT4891 rev.0 HP Tru64 UNIX message queue local denial of service (DoS), Boren, Rich (SSRT), 21:25
Re: Ethereal remote buffer overflow, Diego Giagio, 21:25
Re: Ethereal remote buffer overflow, Gerald Combs, 21:25
RE: Ethereal remote buffer overflow - addon, LSS Security, 21:25
[Full-disclosure] [USN-94-1] Perl vulnerability, Martin Pitt, 21:24
[Full-disclosure] linux break in challenge, Joel Jose, 21:24
[Full-disclosure] Yahoo! Messenger Offline Mode Status Remote Buffer Overflow Vulnerability, Rudra Kamal Sinha Roy, 21:24
Ethereal remote buffer overflow, LSS Security, 21:23
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, killer_loop@mail.com, 21:23
Re: houghts and a possible solution on homograph attacks, Sven Putteneers, 21:23
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, caldcv, 21:22
[SECURITY] [DSA 692-1] New kppp packages fix privileged file descriptor leak, Martin Schulze, 21:22
failles dans ProjectBB v0.4.5.1, [hacktinium]@securityfocus.com@www.securityfocus.com, 21:22
ArGoSoft FTP Server 1.4.2.8 Buffer Overflow, CorryL, 21:22
Multiple vulnerabilities in paFileDB, sp3x, 21:22
[CLA-2005:931] Conectiva Security Announcement - squid, Conectiva Updates, 21:22
Re: thoughts and a possible solution on homograph attacks, Mike Nice, 21:22
Re: thoughts and a possible solution on homograph attacks, Michael Roitzsch, 21:22
Re: thoughts and a possible solution on homograph attacks, Denis Jedig, 21:22
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, Miroslav Kubik, 21:22
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, Grndahl, 21:22
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, paul14075, 21:22
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, Patrick Chipman, 21:21
Re: Remote Command Execution, BoI base, 21:21
Re: thoughts and a possible solution on homograph attacks, Dmitry Yu. Bolkhovityanov, 21:21
Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability, Atom Smasher, 21:21
Re: thoughts and a possible solution on homograph attacks, Dmitry Yu. Bolkhovityanov, 21:21
[SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation, pokley, 21:21
RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability, Walton, John Michael (John), 21:21
Re: Remote Command Execution, BoI base, 21:20
PE Multiple Remote Access Validation Vulnerabilities (Participate Systems Inc. / Outstart Inc.), Altrus Wollesen, 21:20
Re: [Full-Disclosure] Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2, Andrey Bayora, 21:20
Multiples Vulnerabilities, Francisco Alisson, 21:20
[Full-disclosure] Multiple vulnerabilities in paFileDB, SecurityReason, 21:18
[Full-disclosure] [USN-93-1] Squid vulnerability, Martin Pitt, 21:15
Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit, comsatcat, 21:13
Re: Gene6 FTP Server Local Privilege Escalation Vulnerability, Matthieu, 21:13
iDEFENSE Labs Releases IDA RPC Enumerator, iDEFENSE Labs, 21:13
RE: thoughts and a possible solution on homograph attacks, Scovetta, Michael V, 21:13
Re: thoughts and a possible solution on homograph attacks, Benjamin Franz, 21:13
UnixWare 7.1.4 : squid updated package fixes several security issues, please_reply_to_security, 21:13
Re: thoughts and a possible solution on homograph attacks, Thomas Wana, 20:47
Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit, comsatcat, 20:47
Re: thoughts and a possible solution on homograph attacks, James Youngman, 20:47
Re: thoughts and a possible solution on homograph attacks, Kevin Day, 20:47
Re: thoughts and a possible solution on homograph attacks, Michael Silk, 20:47
Hosting Controller Multiple Unauthenticated information disclose, small mouse, 20:47
UnixWare 7.1.4 : Samba multiple security issues, please_reply_to_security, 20:47
Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability, Hubert Chan, 20:47
phpWebLog <= 0.5.3 arbitrary file inclusion (VXSfx), Filip Groszynski, 20:47
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, Jon O., 20:47
[CLA-2005:930] Conectiva Security Announcement - kernel, Conectiva Updates, 20:47
PHP mcNews <= 1.3 arbitrary file inclusion (VXSfx), Filip Groszynski, 20:47
[Full-disclosure] [FLSA-2005:2404] Updated less package fixes security issue, Marc Deslauriers, 20:47
[Full-disclosure] - Argeniss - Oracle Database Server Directory transversal, Cesar, 20:46
See-security advisory: Trillian Basic 3.0 PNG Processing Buffer overflow, tal zeltzer, 20:46
Re: phpGiftReq SQL Injection, Ryan Walberg, 20:46
drone armies C&C report - Feb/2005, Gadi Evron, 20:46
PHP-FUSION 5.* XSS VULNERABILITY, FireSt0rm, 20:46
[Full-disclosure] [ GLSA 200503-14 ] KDE dcopidlng: Insecure temporary file creation, Sune Kloppenborg Jeppesen, 20:46
phpBB 2.0.13 - user level exploit, Some one, 20:46
vBulletin Worm - perl.Santy variant, The Prohacker, 20:46
[Full-disclosure] [USN-92-1] LessTif vulnerabilities, Martin Pitt, 20:46
PHP Form Mail Script <= 2.3 arbitrary file inclusion exploit exploit, mozako, 20:46
Remote Testing SocialMPN Remote File Inclusion by y3dips, echo staff, 20:46
Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability, Atom Smasher, 20:46
Re: GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability, Hongzhen Zhou, 20:46
Gene6 FTP Server Local Privilege Escalation Vulnerability, Sowhat, 20:46
Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-, Matthias, 20:46
thoughts and a possible solution on homograph attacks, Michael Roitzsch, 20:46
phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit, thephuket, 20:46
[USN-91-1] EXIF library vulnerability, Martin Pitt, 20:46
Re: [Full-Disclosure] Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2, Trog, 20:46
CIRT.DK Advisory - SafeNet Inc Sentinel License Manager 7.2.0.2 Buffer Overflow, CIRT Advisory, 20:46
[Hat-Squad] Computer-Associates, License Manager POC Exploit, Hat-Squad Security Team, 20:46
Remote Command Execution, Francisco Alisson, 20:46
[SECURITY] [DSA 691-1] New abuse packages fix local root exploit, Martin Schulze, 20:46
[VulnWatch] Real Realplayer 10 .smil local buffer overflow POC, nolimit bugtraq, 20:46
[Full-disclosure] [ GLSA 200503-13 ] mlterm: Integer overflow vulnerability, Luke Macken, 20:45
[Full-disclosure] [FLSA-2005:2344] Updated php packages fix security issues, Marc Deslauriers, 20:45
[Full-disclosure] [FLSA-2005:1748] Updated subversion packages fix security issues, Marc Deslauriers, 20:45
RE: [Full-Disclosure] [ GLSA 200503-12 ] Hashcash: Format stringvulnerability, Michael Scheidell, 20:44
[Full-Disclosure] [gentoo-announce] [ GLSA 200503-11 ] ImageMagick: Filename handling vulnerability, Thierry Carrez, 20:44
[Full-Disclosure] [ GLSA 200503-12 ] Hashcash: Format string vulnerability, Thierry Carrez, 20:44
[Full-Disclosure] [HAT-SQUAD] new exploit code, class 101, 20:44
[Full-Disclosure] Re: Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2, "Vincent DUVERNET (Nolmë Informatique)", 20:44
Re: Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php, Some one, 20:44
Windows Server 2003 and XP SP2 LAND attack vulnerability, Dejan Levaja, 20:44
MDKSA-2005:050 - Updated gftp packages fix vulnerability, Mandrakelinux Security Team, 20:44
MDKSA-2005:052 - Updated kdegraphics packages fix vulnerabilities, Mandrakelinux Security Team, 20:44
MDKSA-2005:051 - Updated cyrus-imapd packages fix vulnerabilities, Mandrakelinux Security Team, 20:44
MDKSA-2005:049 - Updated gaim packages fix multiple vulnerabilities, Mandrakelinux Security Team, 20:44
MDKSA-2005:048 - Updated curl packages fix vulnerability, Mandrakelinux Security Team, 20:44

March 05, 2005

LOOKNMEET HTML INJECT EXPLOIT, Wesley aka PPC, 00:51
phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-, Wesley aka PPC, 00:31

March 04, 2005

[Full-Disclosure] PaX privilege elevation security bug, pageexec, 22:30
[Full-Disclosure] Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2, Andrey Bayora, 19:18
-==phpBB 2.0.13 Full path disclosure==-, HaCkZaTaN, 17:07
Re: TYPO3 SQL Injection vunerabilitie, Karsten Dambekalns, 16:57
PHP Form Mail Script (2.3) - Arbitrary File Inclusion (VXSfx), Filip Groszynski, 16:57
Re: TYPO3 SQL Injection vunerabilitie, Michael Shigorin, 16:47
[Full-Disclosure] [ GLSA 200503-10 ] Mozilla Firefox: Various vulnerabilities, Thierry Carrez, 16:47
Re: TYPO3 3rd party extension (cmw_linklist) SQL Injection vunerability, Michael Shigorin, 16:37
[Full-Disclosure] [ GLSA 200503-09 ] xv: Filename handling vulnerability, Thierry Carrez, 16:37
RE: Microsoft AntiSpyware Beta and Windows Scripting Host, alex cottle, 16:26
Re: TYPO3 SQL Injection vunerabilitie, Michael Stucki, 16:16
Re: GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability, Frank Denis (Jedi/Sector One), 15:46
Download Center Lite (DCL) - Arbitrary File Inclusion (VXSfx), Filip Groszynski, 15:36
[Full-Disclosure] [ GLSA 200503-08 ] OpenMotif, LessTif: New libXpm buffer overflows, Thierry Carrez, 14:35
GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability, Hongzhen Zhou, 13:45
RE: TYPO3 SQL Injection vunerabilitie, GulfTech Security Research, 13:35

March 03, 2005

Re: TYPO3 SQL Injection vunerabilitie, Sebastian Wolfgarten, 21:17
PHP News <= 1.2.4 - Remote File Inclusion Exploit, mozako, 20:36
Re: Microsoft Antispyware Beta window docking issue, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], 20:06
[ GLSA 200503-07 ] phpMyAdmin: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 20:06
Re: TYPO3 SQL Injection vunerabilitie, Dennis Shewmaker, 19:46
[ GLSA 200503-06 ] BidWatcher: Format string vulnerability, Sune Kloppenborg Jeppesen, 19:15
Re: Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php, vzmule, 18:25
My-forum.org cookies vulnerability - data bug, Black Angel, 18:05
Microsoft Antispyware Beta window docking issue, Jeroen van Rijn, 17:14
TYPO3 SQL Injection vunerabilitie, Fabian Becker, 16:54
[CLA-2005:928] Conectiva Security Announcement - clamav, Conectiva Updates, 16:34
[XSS] paBox 1.6, Rift, 16:04
Microsoft AntiSpyware Beta and Windows Scripting Host, Joe Stocker, 15:54
Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php, Paisterist, 15:33
Re: SHA-1 broken, Pavel Machek, 15:33
[Full-Disclosure] [USN-90-1] Imagemagick vulnerability, Martin Pitt, 07:39

March 02, 2005

[Full-Disclosure] OpenSSL <=3D 0.9.6m vulnerability, cyber_tal0n, 22:35
[SECURITY BULLETIN] SSRT4866 rev.0 MUP HP OpenVMS V6.x and V7.x privileged file access, Boren, Rich (SSRT), 20:55
EEYE: Computer Associates License Manager Remote Vulnerabilities, Karl Lynn, 20:24
iDEFENSE Labs Releases IDA Sync, iDEFENSE Labs, 20:04
Re: phpBB <= 2.0.12 UID Exploit, Nicob, 19:54
Security Advisory: Computalynx CProxy Server Multiple Remote Vulnerabilities, Kristof Philipsen, 19:13
Golden Ftp server 1.29 Username remote Buffer Overflow, Carlos Ulver, 19:03
Re: Firefox Software Update, Gilles DEMARTY, 18:53
Vulnerabilities in Aura CMS, echo staff, 18:33
Foxmail server "USER" command Multiple remote buffer overflow, Xin Ouyang, 17:43
RealOne Player / Real .WAV Heap Overflow File Format Vulnerability, Mark Litchfield, 17:32
[CLA-2005:926] Conectiva Security Announcement - mod_python, Conectiva Updates, 17:22
License Patches Are Now Available To Address Buffer Overflows, Williams, James K, 17:12
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client and Server Invalid Command Buffer Overflow, iDEFENSE Labs, 17:02
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client PUTOLF Buffer Overflow, iDEFENSE Labs, 16:52
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client PUTOLF Directory Traversal, iDEFENSE Labs, 16:42
[Full-Disclosure] [ GLSA 200503-05 ] xli, xloadimage: Multiple vulnerabilities, Thierry Carrez, 16:32
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GETCONFIG Buffer Overflow, iDEFENSE Labs, 16:32
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GCR Network Buffer Overflow, iDEFENSE Labs, 16:22
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GCR Checksum Buffer Overflow, iDEFENSE Labs, 16:12
[VulnWatch] RealOne Player / Real .WAV Heap Overflow File Format Vulnerability, Mark Litchfield, 13:10
[Full-Disclosure] [FLSA-2005:2127] Updated CUPS packages fix security vulnerabilities, Marc Deslauriers, 10:49

March 01, 2005

Forumwa search.php xss vulnerability, Raven, 23:24
[Full-Disclosure] [FLSA-2005:2314] Updated XFree86 packages fix security flaws, Dominic Hargreaves, 22:04
[USN-87-1] Cyrus IMAP server vulnerability, Martin Pitt, 21:33
[USN-86-1] cURL vulnerability, Martin Pitt, 21:23
[USN-88-1] reportbug information disclosure, Martin Pitt, 21:13
[USN-89-1] XML library vulnerabilities, Martin Pitt, 21:03
Re: Firefox Software Update, Kai Howells, 20:53
Re: Firefox Software Update, Stan Bubrouski, 20:13
Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files, exon, 20:03
Re: Firefox Software Update, Rainer Duffner, 20:03
PHP News <= 1.2.4 - Remote File Inclusion (VXSfx), Filip Groszynski, 19:52
[Full-Disclosure] [ GLSA 200503-04 ] phpWebSite: Arbitrary PHP execution and path disclosure, Thierry Carrez, 19:32
[VulnWatch] iDEFENSE Security Advisory 03.01.05: RealNetworks RealPlayer .smil Buffer Overflow Vulnerability, Michael Sutton, 19:22
Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files, devnull, 19:12
[ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ], Jose Pedro Andres, 18:42
Re: [ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ], Maksymilian Arciemowicz, 18:32
IObjectSafety and Internet Explorer, Shane Hird, 18:22
Software PBLang 4.63 sendpm.php reply file read vulnerability, Raven, 18:01
[Full-Disclosure] [gentoo-announce] [ GLSA 200503-03 ] Gaim: Multiple Denial of Service issues, Sune Kloppenborg Jeppesen, 17:41
427BB profile.php XSS vulnerability., Raven, 17:41
Re: Firefox Software Update, Kurt Seifried, 17:31
Re: Firefox Software Update, Adam Kane, 17:21
Software PBLang 4.63 delpm.php authentication vulnerability, Raven, 17:11
Re: Firefox Software Update, Beau Henderson, 17:01
Re: Firefox Software Update, Matt Venzke, 16:51
[KDE Security Advisory] kppp Privileged fd Leak Vulnerability, Dirk Mueller, 16:41
427BB profile.php XSS vulnerability., Raven, 16:31
Re: Firefox Software Update, Michael Hampton, 16:20
phpBB <= 2.0.12 UID Exploit, federico gonzales, 15:50
[Full-Disclosure] [ GLSA 200503-02 ] phpBB: Multiple vulnerabilities, Thierry Carrez, 15:50
[Full-Disclosure] [ GLSA 200503-01 ] Qt: Untrusted library search path, Sune Kloppenborg Jeppesen, 15:20
[SIG^2 G-TEC] RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure Vulnerabilities, chewkeong, 14:19
Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error, dveditz, 13:59
Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files, Han Boetes, 13:48
Re: BizMail 2.1 Spam Exploit, Jason Frisvold, 13:38
[ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ], JoCaNoR SeCuRiTy TeaM, 13:28
[Full-Disclosure] Kernelpanik Labs Digest 2005-2, Kernelpanik Labs - Security Lists, 12:28