Bugtraq (date)
May 31, 2005
- [Full-disclosure] A short warning on the X11 Editres protocol, Florian Weimer, 20:25
- 504T and now also 604T remote access., alessandro, 20:25
- [Full-disclosure] Reminder: XGrabKeyboard is not a security interface, Florian Weimer, 20:25
- Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4, Alberto Trivero, 20:25
- Re: Citrix security contact, security curmudgeon, 20:25
- [Full-disclosure] ISR :: Infobyte Security Research :: (ISR-form.pl), famato, 20:25
- Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3, Justin, 20:25
- Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3, Todd C. Miller, 20:25
- multiple vulnerability Calendarix Advanced, DarkBicho, 20:25
- Re: [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3, Ow Mun Heng, 20:25
- Wide-scale industrial espionage using Trojan horses in Israel, Gadi Evron, 20:24
- [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3, Xnuxer Security, 20:24
- PowerDownload Remote File Inclusion, SoulBlack Group, 20:24
- Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3, Marcus Meissner, 20:24
- Re: Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005), Benton Lam, 20:24
- Nortel VPN Router Malformed Packet DoS Vulnerability, Roy Hills, 20:24
- RE: Microsoft Internet Explorer - Crash on adding sites to restricted zone (05/28/2005), Hohn, Joerg, 20:24
- TSL-2005-0025 - binutils, Trustix Security Advisor, 20:24
- Spam exploiting MS05-016, Nick FitzGerald, 20:24
- TSL-2005-0026 - multi, Trustix Security Advisor, 20:24
- Re: Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005), - k -, 20:24
- SyScAN'05, organiser@syscan.org, 20:24
- [Full-disclosure] [Argeniss] MS05-012 Exploit, Cesar, 20:24
- MDKSA-2005:095 - Updated gdb packages fix vulnerabilities, Mandriva Security Team, 20:23
- Multiple vulnerabilities in x-cart Gold, CENSORED, 20:23
- MyBB 1.0 RC4 XSS Bug, August Christopher, 20:23
- CYBSEC - PHPMailer Infinite Loop Denial of Service, Mariano Nuñez Di Croce, 20:23
- [Full-disclosure] Crash in Stronghold 2 1.2, Luigi Auriemma, 20:23
- Format String Vulnerability In Peercast 0.1211 And Earlier, GulfTech Security Research, 20:23
- PicoWebServer Remote Unicode Stack Overflow, Dennis Elser, 20:23
- Microsoft Internet Explorer - Crash on to many stack overflows (05/28/2005), Benjamin Tobias Franz, 20:23
- Microsoft Internet Explorer - Crash on processing embedded files with endless loop (05/28/2005), Benjamin Tobias Franz, 20:23
- Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005), Benjamin Tobias Franz, 20:23
- Microsoft Internet Explorer - Crash on adding sites to restricted zone (05/28/2005), Benjamin Tobias Franz, 20:23
May 27, 2005
- SQL Injection Exploit for myBloggie 2.1.1 - 2.1.2, Alberto Trivero, 19:20
- Re: User32.dll Icon Size Crash, Daniel Souza, 19:10
- RE: ACROS Security: HTML Injection in BEA WebLogic Server Console (2), ACROS Security, 18:59
- Re: [SECURITY] [DSA 729-1] New PHP4 packages fix denial of service, John GALLET, 18:49
- Citrix security contact, Eyal Udassin, 18:29
- DSL-504T (and maybe many other) remote access without password bug, alessandro, 18:29
- RE: CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability, Williams, James K, 18:09
- [Full-disclosure] [AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability, Team SHATTER, 16:38
- [Full-disclosure] [AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability, Team SHATTER, 16:38
- User32.dll Icon Size Crash, - k -, 16:08
- PostNuke Critical SQL Injection and XSS 0.750=>x, sp3x, 15:18
- PHP Stat Administrative User Authentication Bypass, SoulBlack Group, 14:57
- [Full-disclosure] [USN-136-2] Fixed packages for USN-136-1, Martin Pitt, 12:45
- [Full-disclosure] [USN-136-1] binutils vulnerability, Martin Pitt, 09:44
- [Full-disclosure] [ GLSA 200505-20 ] Mailutils: Multiple vulnerabilities in imap4d and mail, Thierry Carrez, 09:44
- [Full-disclosure] [USN-135-1] gdb vulnerabilities, Martin Pitt, 09:34
- [Full-disclosure] [USN-114-2] Fixed packages for USN-114-1, Martin Pitt, 09:24
May 26, 2005
- [Full-disclosure] Mozilla 1.7.8 filehandle-error/win32, the.soylent, 18:37
- [security bulletin] SSRT5899 rev.0 - HP-UX trusted system remote unauthorized access, Boren, Rich (SSRT), 17:27
- Re: Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk, Arne Vidström, 16:36
- [security bulletin] SSRT4884 rev.0 - HP-UX TCP/IP Remote Denial of Service (DoS), Boren, Rich (SSRT), 16:26
- Re: ACROS Security: HTML Injection in BEA WebLogic Server Console (2), Will Schroeder, 16:26
- [security bulletin] SSRT5954 rev.1 - HP-UX TCP/IP Remote Denial of Service (DoS), Boren, Rich (SSRT), 16:16
- Re: [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability, jamesbug, 16:16
- Meteor FTP Server: PoC Exploit, Dim K0r0l, 15:56
- Re: Multiple Sql injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules., security curmudgeon, 15:46
- Re: PowerLink WAN Aggregator - Vunerability, preasoner, 15:46
- Invision Power Board 1.* and 2.* Exploit (BID 13529), Petey Beege, 14:55
- Re: PHP Injection in PHP Poll Creator, Michael Cordover, 14:45
- Alwil Software Avast Antivirus Device Driver Memory Overwrite Vulnerability, Piotr Bania, 14:35
- [Full-disclosure] Buffer-overflow in C'Nedra 0.4.0, Luigi Auriemma, 13:55
- [Full-disclosure] Buffer-overflow and crash in Terminator 3: War of the Machines 1.16, Luigi Auriemma, 13:45
- [Full-disclosure] [USN-134-1] Firefox vulnerabilities, Martin Pitt, 13:34
- Re: [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability, jamesbug, 11:23
- [Full-disclosure] [USN-133-1] Apache utility vulnerability, Martin Pitt, 10:53
- [Full-disclosure] [ GLSA 200505-19 ] gxine: Format string vulnerability, Thierry Carrez, 09:22
May 25, 2005
- davfs2 does not honour Unix permissions, martin f krafft, 19:17
- High Risk Vulnerability in L-Soft's LISTSERV Server, NGSSoftware Insight Security Research, 18:46
- [Full-disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : nwprint privilege escalation, please_reply_to_security, 18:26
- PHP Injection in PHP Poll Creator, rash ilusion, 16:35
- [Full-disclosure] shtool insecure temporary file creation, ZATAZ.net, 16:05
- exim 4.40 exploit, plugger, 15:55
- [Full-disclosure] iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d Format String Vulnerability, iDEFENSE Labs, 15:35
- [Full-disclosure] iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d FETCH Command Resource Consumption DoS Vulnerability, iDEFENSE Labs, 15:35
- [Full-disclosure] iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability, iDEFENSE Labs, 15:35
- [Full-disclosure] iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability, iDEFENSE Labs, 15:35
- [Full-disclosure] Zone Labs ZoneAlarm Vet anti-virus engine OLE processing vulnerability, Zone Labs Product Security, 14:24
May 24, 2005
- Javamail Multiple Information Disclosure Vulnerabilities, Ricky Latt, 19:46
- [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP SELECT Command DoS Vulnerability, iDEFENSE Labs, 18:26
- [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability, iDEFENSE Labs, 18:26
- [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP LOGIN Remote Buffer Overflow Vulnerabilities, iDEFENSE Labs, 18:26
- [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability, iDEFENSE Labs, 18:16
- [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP LSUB DoS Vulnerability, iDEFENSE Labs, 18:16
- [Full-disclosure] Re: Endless loop in Halo 1.06, Joel Esler, 17:05
- [Full-disclosure] Re: Endless loop in Halo 1.06, Joel Esler, 17:05
- ACROS Security: HTML Injection in BEA WebLogic Server Console (1), ACROS Security, 16:45
- ACROS Security: HTML Injection in BEA WebLogic Server Console (2), ACROS Security, 16:25
- Gforge - viewFile.php security flaw, Filippo Spike Morelli, 16:15
- Blue Coat Reporter multiple remote vulnerabilities, Oliver Karow, 15:54
- CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability, Williams, James K, 15:44
- [Full-disclosure] Endless loop in Halo 1.06, Luigi Auriemma, 14:03
May 23, 2005
- [Full-disclosure] [ GLSA 200505-18 ] Net-SNMP: fixproc insecure temporary file creation, Sune Kloppenborg Jeppesen, 18:34
- [Full-disclosure] [ GLSA 200505-17 ] Qpopper: Multiple Vulnerabilities, Sune Kloppenborg Jeppesen, 17:54
- [Full-disclosure] RE: Security issue in Microsoft Outlook, Keenan Smith, 17:44
- Meteor FTP Server v1.5 Buffer Overflow, Auston J, 15:23
- Cookie Cart Default Installation Multiple Vulnerabilities, SoulBlack Group, 15:03
- SQL injections in PortailPHP, CENSORED, 14:52
- [Full-disclosure] Format string and crash in Warrior Kings 1.3 and Battles 1.23, Luigi Auriemma, 13:42
- [Full-disclosure] Computer Associates Vet Antivirus Library Remote Heap Overflow, list, 12:41
- [Full-disclosure] [USN-132-1] ImageMagick vulnerabilities, Martin Pitt, 10:00
- [Full-disclosure] [USN-131-1] Linux kernel vulnerabilities, Martin Pitt, 07:19
May 21, 2005
- [SECURITYREASON.COM] PostNuke SQL Injection 0.750=>x, Maksymilian Arciemowicz, 19:05
- pst.advisory 2005-21: gxine remote exploitable . opensource is god .lol windows, yan feng, 18:15
- [SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=>x, Maksymilian Arciemowicz, 18:15
- [SECURITYREASON.COM] PostNuke XSS and Full path disclosure 0.760RC3=>x, Maksymilian Arciemowicz, 18:05
- [SECURITYREASON.COM] PostNuke XSS 0.760{RC2,RC3}, Maksymilian Arciemowicz, 17:55
- [Full-disclosure] [ GLSA 200505-16 ] ImageMagick, GraphicsMagick: Denial of Service vulnerability, Thierry Carrez, 13:43
May 20, 2005
- [UPDATE] UNICODE BUFFER OVERFLOW IN MS-WORD, Bahaa Naamneh, 18:25
- [Full-disclosure] RE: Security issue in Microsoft Outlook, David Corn, 17:24
- [BuHa Security] Wordpress SQL-Injection, Thomas Waldegger, 16:54
- Security contact for Trillian, Suramya Tomar, 16:54
- Re: [Full-disclosure] Security issue in Microsoft Outlook, Dan Margolis, 16:44
- episodex guestbook security bypass & html injection, farhad koosha, 16:44
- worm "postcard" e-mail issue, M. Perri, 16:34
- picasm error handling stack overflow vulnerability, Shaun Colley, 16:24
- pst.advisory: gedit fun. opensource is god .lol windows, yan feng, 15:54
- [Full-disclosure] RE: Security issue in Microsoft Outlook, David Corn, 14:03
- [Full-disclosure] [ GLSA 200505-15 ] gdb: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 11:01
- [Full-disclosure] ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability, Sune Kloppenborg Jeppesen, 10:41
- [Full-disclosure] UPDATE: [ GLSA 200504-23 ] Kommander: Insecure remote script execution, Sune Kloppenborg Jeppesen, 10:31
- [Full-disclosure] AW: Security issue in Microsoft Outlook, Aufmuth Andreas, 08:00
May 19, 2005
- [Full-disclosure] RE: Security issue in Microsoft Outlook, Patch Now, 21:55
- [Full-disclosure] Possible proxy scan for proactive countermeasures?, the rxmr, 17:43
- phpATM arbitrary PHP code inclusion, Ingvar Gilbert, 17:43
- UNICODE BUFFER OVERFLOW IN MS-WORD, Bahaa Naamneh, 17:43
- JavaMail Information Disclosure (msgno), Ricky Latt, 17:33
- Re: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05), deluxe, 17:23
- D-Link DSL routers authentication bypass, Francesco Orro, 16:53
- Re: [Full-disclosure] NOVELL ZENWORKS MULTIPLE REMXXTE STACK & HEAP OVERFLOWS, bart2k, 16:53
- MDKSA-2005:092 - Updated gzip packages fix several vulnerabilities, Mandriva Security Team, 16:43
- MDKSA-2005:091 - Updated bzip2 packages fix multiple vulnerabilities, Mandriva Security Team, 16:33
- MDKSA-2005:090 - Updated nasm packages fix vulnerability, Mandriva Security Team, 16:23
- MDKSA-2005:089 - Updated cdrdao packages fix local root vulnerability, Mandriva Security Team, 16:12
- [Full-disclosure] [ GLSA 200505-14 ] Cheetah: Untrusted module search path, Sune Kloppenborg Jeppesen, 14:42
- [Full-disclosure] [USN-130-1] TIFF library vulnerability, Martin Pitt, 13:11
- [Full-disclosure] Re: Security issue in Microsoft Outlook, M. Moreno, 12:10
- Re: [Full-disclosure] Re: Security issue in Microsoft Outlook, Joachim Schipper, 12:10
- [Full-disclosure] Re: Security issue in Microsoft Outlook, Kevin Martin, 12:10
- [Full-disclosure] RE: Security issue in Microsoft Outlook, Steve Bostedor, 12:00
- [Full-disclosure] Re: Security issue in Microsoft Outlook, Jens Becker, 08:58
- RE: [Active Spam - GGL Filter] [Full-disclosure] AW: Security issue in Microsoft Outlook, irfan . syed, 08:37
- [Full-disclosure] Re: Security issue in Microsoft Outlook, Harshad, 08:27
- [Full-disclosure] Re: Security issue in Microsoft Outlook, Tom Gallagher, 08:27
- [Full-disclosure] RE: Security issue in Microsoft Outlook, Simon Dever, 08:27
- [Full-disclosure] Re: Security issue in Microsoft Outlook, Jesse Morgan, 08:27
- [Full-disclosure] RE: Security issue in Microsoft Outlook, Scovetta, Michael V, 08:27
- [Full-disclosure] AW: Security issue in Microsoft Outlook, Stein, Wilhelm Michael, 08:27
- [Full-disclosure] RE: Security issue in Microsoft Outlook, Domingos Bruges, 08:17
- [Full-disclosure] [FLSA-2005:152815] Updated libtiff packages fix security issues, Marc Deslauriers, 05:06
May 18, 2005
- [Full-disclosure] Re: Security issue in Microsoft Outlook, Nick FitzGerald, 21:22
- [FLSA-2005:152771] Updated pam packages fix security issue, Marc Deslauriers, 20:22
- [FLSA-2005:152883] Updated mozilla packages fix security issues, Marc Deslauriers, 20:12
- [Full-disclosure] Security issue in Microsoft Outlook, Bakchodiya, 19:52
- [Full-disclosure] NOVELL ZENWORKS MULTIPLE REMÃTE STACK & HEAP OVERFLOWS, list, 19:21
- Re: Mac OS X - Adobe Version Cue local root exploit [c version exploit], Vade 79, 18:31
- [Full-disclosure] UnixWare 7.1.4 : Updated mozilla fixes many security issues, please_reply_to_security, 18:21
- Re: Yahoo! Messenger may be storing all session data 'Unencoded' on the local machine, Torseq Tech., 18:01
- Re: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05), Steven M. Christey, 17:30
- Windows (XP, 2k3, Longhorn) is vulnerable to IpV6 Land attack., Konrad Malewski, 16:29
- Help Center Live Vulnerabilities, GulfTech Security Research, 15:18
- Re: Windows image size crash, cmthemc, 15:08
- Yahoo! Messenger may be storing all session data 'Unencoded' on the local machine, Torseq Tech., 14:57
- [Full-disclosure] [USN-129-1] Squid vulnerability, Martin Pitt, 11:46
- [VulnWatch] Linux kernel pktcdvd ioctl break user space limit vulnerability [corrected], bugs, 01:42
May 17, 2005
- MDKSA-2005:088-1 - Updated mozilla-firefox packages re-enable extensions, Mandriva Security Team, 21:00
- [CLA-2005:953] Conectiva Security Announcement - kde, Conectiva Updates, 20:40
- Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability, alert7, 20:30
- [Full-disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : telnet client multiple issues, please_reply_to_security, 18:18
- [Full-disclosure] [USN-128-1] nasm vulnerability, Martin Pitt, 14:16
- [Full-disclosure] [ GLSA 200505-13 ] FreeRADIUS: Buffer overflow and SQL injection vulnerability, Sune Kloppenborg Jeppesen, 12:35
- [Full-disclosure] [USN-127-1] bzip2 vulnerabilities, Martin Pitt, 11:04
- [Full-disclosure] MySQL < 4.0.12 && MySQL <= 5.0.4 : Insecure tmp file handling, ZATAZ.net, 08:53
May 16, 2005
- cdrdao exploit for mandrake 10.2 ( Mandriva 2005), newbug Tseng, 19:17
- [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05), deluxe, 19:07
- Mac OS X - Adobe Version Cue local root exploit [c version exploit], ali reza AcTiOnSpIdEr, 18:57
- Pico Server (pServ) Remote Command Injection, Claus R. F. Overbeck, 18:37
- Pico Server (pServ) Information Disclosure Of CGI Sources, Claus R. F. Overbeck, 18:17
- Pico Server (pServ) Local Information Disclosure, Claus R. F. Overbeck, 18:07
- Woltlab Burning Board SQL Injection Vulnerability, GulfTech Security Research, 17:57
- DotNetNuke (Multiple XSS), Mark Woan, 17:47
- Multiple Vulnerabilities in MetaCart e-Shop, dedi dwianto, 17:26
- [Full-disclosure] Re: Postnuke 0.750 - 0.760rc4 local file inclusion, Paul Laudanski, 14:15
- [Full-disclosure] Postnuke 0.750 - 0.760rc4 local file inclusion, pokley, 03:20
May 14, 2005
- MDKSA-2005:088 - Updated mozilla packages fix multiple vulnerabilities, Mandriva Security Team, 17:56
- Skull-Splitter's Guestbook Multiple XXS/HTML injection, Morinex Eneco, 17:26
- Re: Windows image size crash, Bernhard Mitterer, 17:06
- Gaim 1.2.1 -- PoC Stack Overflow, Ron, 16:15
- [Full-disclosure] [ GLSA 200505-10 ] phpBB: Cross-Site Scripting Vulnerability, Sune Kloppenborg Jeppesen, 12:04
May 13, 2005
- Yahoo! Chat Add Buddy Without Consent Privacy Issue, Torseq Tech., 20:58
- PHPHeaven PHPMyChat Cross-site Scripting Vulnerablitiy, Megasky, 19:57
- Re: Windows image size crash, Oliver J. Morais, 19:37
- Re: Windows image size crash, Giuseppe `lan` Marocchio, 19:37
- Yahoo! Messenger URL Handler Remote DoS Vulnerability, Torseq Tech., 19:27
- Re: Linux kernel ELF core dump privilege elevation, codeQ, 19:17
- OpenBB SQL Injection & Cross-site Scripting Vulnerability, Megasky, 19:07
- Re: Linux kernel ELF core dump privilege elevation (kernel module workaround), chris, 18:57
- Re: phpbb 2.0.15 released - patches high critical vuln, Paul Laudanski, 18:47
- cross-domain cookie theft: who's to blame?, Tim Tompkins, 18:36
- Windows image size crash, RSnake, 18:36
- Willings WebCam - Password Disclosure Issue, SecuBox fRoGGz, 18:16
- Ultimate PHP Board (UPB) Security Advisory, Morinex Eneco, 14:54
- [Full-disclosure] OpenServer 5.0.7 UnixWare 7.1.4 UnixWare 7.1.3 : Hyper-Threading information leakage, please_reply_to_security, 14:44
- Re: Linux kernel ELF core dump privilege elevation, Pedro Venda, 14:44
- 32-bit qmail fun (qmail-pop3d) (fwd), Lars Olsson, 14:34
- ITU 2005 Call For Papers, Michal Szymanski, 14:24
- FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED], FreeBSD Security Advisories, 14:04
- [Full-disclosure] OllyDbg "INT3 AT" Format String Vulnerability, Piotr Bania, 11:33
- [Full-disclosure] [FLSA-2005:155508] Updated cvs package fixes security issues, Marc Deslauriers, 08:51
- [Full-disclosure] [USN-126-1] GNU TLS library vulnerability, Martin Pitt, 08:01
- [Full-disclosure] [FLSA-2005:152871] Updated nfs-utils package fixes security issue, Marc Deslauriers, 05:00
- [Full-disclosure] [FLSA-2005:152912] Updated imap packages fix security issues, Marc Deslauriers, 05:00
- [Full-disclosure] [FLSA-2005:154988] Updated openoffice.org packages fix security issues, Marc Deslauriers, 04:50
- [Full-disclosure] [FLSA-2005:152763] Updated qt packages fixes security issues, Marc Deslauriers, 03:19
- [Full-disclosure] [FLSA-2005:152768] Updated ruby package fixes security issues, Marc Deslauriers, 03:19
- [Full-disclosure] [FLSA-2005:152804] Updated openmotif packages fix image vulnerability, Marc Deslauriers, 03:19
- [Full-disclosure] [FLSA-2005:152856] Updated sudo packages fix security issue, Marc Deslauriers, 03:19
May 12, 2005
- [Full-disclosure] Netvault Remote Heap Overflow (another one), nolimit bugtraq, 22:05
- [Full-disclosure] Re: phpbb 2.0.15 released - patches high critical vuln, Paul Laudanski, 20:24
- htdigest exploit code [bid 13537], K sPecial, 19:24
- Re: Linux kernel ELF core dump privilege elevation, antoine, 19:04
- Re: Linux kernel ELF core dump privilege elevation (kernel module workaround), Andrew Griffiths, 18:54
- MDKSA-2005:084 - Updated gnutls packages fix vulnerabilities, Mandriva Security Team, 17:53
- MDKSA-2005:085 - Updated kdelibs packages fix vulnerabilities, Mandriva Security Team, 17:43
- MDKSA-2005:086 - Updated gaim packages fix multiple vulnerabilities, Mandriva Security Team, 17:33
- MDKSA-2005:087 - Updated tcpdump packages fix multiple vulnerabilities, Mandriva Security Team, 17:23
- Acrowave AAP-3100AR authetication bypass, Martin Tornwall, 17:13
- Directtopics Multiple Vulnerabilities (Security Advisory), Morinex Eneco, 17:03
- Re: Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk, Thor Arne Johansen, 16:22
- Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks, Anton Ivanov, 16:12
- Security Advisory for Bugzilla 2.18, 2.19.2, and 2.16.8, Max Kanat-Alexander, 16:02
- Firefox 1.0.4 released. Several vulnerabilities fixed, Paul, 15:52
- [Full-disclosure] [USN-125-1] Gaim vulnerabilities, Martin Pitt, 14:52
- [Full-disclosure] [USN-124-2] Fixed packages for USN-124-1, Martin Pitt, 14:42
- Re: [Full-disclosure] [DR018] Quartz Composer / QuickTime 7 information leakage, adf--at--Code511.com, 09:29
- [Full-disclosure] [ GLSA 200505-09 ] Gaim: Denial of Service and buffer overflow vulnerabilties, Sune Kloppenborg Jeppesen, 02:36
- RE: TCP/IP implementations do not adequately validate ICMP error messages, David Schwartz, 01:16
- Yappa-NG Multiple Vulnerabilities, GulfTech Security Research, 01:06
- Re: SPAM-HIGH: TCP/IP implementations do not adequately validate ICMP error messages, David Nichols, 00:05
- Re: Firefox Crash??, Jeremy Kelley, 00:05
May 11, 2005
- Re: Linux kernel ELF core dump privilege elevation, Paul Starzetz, 23:55
- Re: Firefox Crash??, Joxean Koret, 22:55
- Re: Linux kernel ELF core dump privilege elevation, Greg KH, 22:55
- Re: Firefox Crash??, Christophe Lucas, 22:45
- [Full-disclosure] [DR018] Quartz Composer / QuickTime 7 information leakage, David Remahl, 22:14
- Re: Authentication bypass, sql injections and xss in ArticleLive 2005, Steven M. Christey, 21:54
- Re: Linux kernel ELF core dump privilege elevation, Bruno Lustosa, 21:34
- Ethereal <= 0.10.10 SIP dissector stack overflow DoS exploit, Shaun Colley, 21:14
- Re: TCP/IP implementations do not adequately validate ICMP error messages, Maciej Soltysiak, 20:54
- Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk, Arne Vidström, 20:44
- Re: Linux kernel ELF core dump privilege elevation, Greg KH, 20:24
- Re: TCP/IP implementations do not adequately validate ICMP error messages, Peter Keel, 20:13
- [HSC Security Group] MaxWebPortal - Multiple SQL injection/XSS, Zinho, 20:13
- Re: [Full-disclosure] Which is the best anti-spyware cleaner?, Paul Laudanski, 20:13
- [Full-disclosure] Which is the best anti-spyware cleaner?, Paul Laudanski, 20:03
- [Full-disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison., please_reply_to_security, 16:21
- Metasploit Framework v2.4, H D Moore, 15:10
- MDKSA-2005:083 - Updated ethereal packages fix multiple vulnerabilities, Mandriva Security Team, 14:50
- [VulnWatch] Linux kernel ELF core dump privilege elevation, Paul Starzetz, 14:39
- Re: [Full-disclosure] BakBone NetVault last warning, class, 11:04
- [Full-disclosure] BakBone NetVault last warning, class, 10:54
- [Full-disclosure] [Scan Associates Advisory] Neteyes Nexusway multiple vulnerability, pokley, 08:53
- [Full-disclosure] [USN-124-1] Mozilla and Firefox vulnerabilities, Martin Pitt, 05:11
May 10, 2005
- [Full-disclosure] Guesbook Pro XSS & HTML Injection, SoulBlack Group, 22:49
- WowBB view_user.php SQL Injection Vulnerability, Megasky, 21:38
- CAIF 1.2 released, Oliver Goebel, 19:07
- Gamespy cd-key validation system: "Cd-key in use" DoS versus many games, Luigi Auriemma, 19:07
- Firefox Crash??, orebla Orebla, 18:46
- TCP/IP implementations do not adequately validate ICMP error messages, Alok Menghrajani - Ilion Security SA, 18:36
- TSLSA-2005-0021 - squid, Trustix Security Advisor, 18:26
- [Full-disclosure] [ GLSA 200505-08 ] HT Editor: Multiple buffer overflows, Sune Kloppenborg Jeppesen, 18:16
- [Full-disclosure] [ GLSA 200505-07 ] libTIFF: Buffer overflow, Sune Kloppenborg Jeppesen, 18:16
- New Macromedia Security Zone Bulletin Posted, Macromedia Security Zone, 18:16
- [Full-disclosure] Crash in Zoidcom 1.0 beta 4, Luigi Auriemma, 17:25
- Esqo advisory: GeoVision Digital Video Surveillance System - Multiple authentication issues, Tirath Rai, 14:14
- [Full-disclosure] remote root security bug in ethereal 0.9.13 >= and <= 0.10.10, suresec advisories, 07:00
May 09, 2005
- Viruses can evade Sophos Anti-Virus, xerces8, 18:04
- [Full-disclosure] [ GLSA 200505-06 ] TCPDump: Decoding routines Denial of Service vulnerability, Sune Kloppenborg Jeppesen, 17:44
- [Full-disclosure] [ GLSA 200505-05 ] gzip: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 17:34
- Re: firefox 1.0.3 spoof+auto dl, Paul, 17:34
- Advanced Guestbook 2.3.1, Spy Hat, 17:24
- Firefox Remote Compromise Technical Details, Paul, 17:14
- Re: Can't trust COMODO - An Update, Gunter Ollmann, 16:43
- Firefox Remote Compromise Leaked, Paul, 16:33
- Announcement: The Web Security Mailing List, contact, 16:33
- NISCC Vulnerability Advisory IPSEC - 004033, albatross, 16:23
- Re: MegaBook V2.0 - Cross Site Scripting Exploit, Spy Hat, 15:33
- PwsPHP v1.2.2 Final - Multiples vulnerabilities, SecuBox fRoGGz, 15:23
- [Full-disclosure] [ GLSA 200505-04 ] GnuTLS: Denial of Service vulnerability, Matthias Geerdsen, 06:58
May 06, 2005
- [Full-disclosure] Re: [SEC-1 LTD] RSA SecurID Web Agent Heap Overflow, Kevin, 21:05
- 4d WebSTAR 5.x Web Server Mac OS X Buffer Overflow, Braden Thomas, 20:14
- Secure Science Corporation Advisory CSA-056, SSC Advisory Notice, 17:53
- PHP Advanced Transfer Manager v1.21, tjomi4, 16:12
- FreeBSD Security Advisory FreeBSD-SA-05:08.kmem, FreeBSD Security Advisories, 16:02
- FreeBSD Security Advisory FreeBSD-SA-05:07.ldt, FreeBSD Security Advisories, 15:52
- FreeBSD Security Advisory FreeBSD-SA-05:06.iir, FreeBSD Security Advisories, 15:42
- [Full-disclosure] [ GLSA 200505-03 ] Ethereal: Numerous vulnerabilities, Sune Kloppenborg Jeppesen, 15:42
- MDKSA-2005:081 - Updated XFree86/XOrg packages fix libXpm vulnerabilities, Mandriva Security Team, 15:32
- Multiple Vulnerabilities In Invision Power Board, GulfTech Security Research, 15:22
- Re: MegaBook V2.0 - Cross Site Scripting Exploit, Morning Wood, 15:01
- MDKSA-2005:082 - Updated OpenOffice.org packages fix heap overflow vulnerability, Mandriva Security Team, 14:41
- Sql Injection in CJ Ultra Plus v1.0.3-1.0.4, Kold, 14:21
- Multiple vulnearabilities in e107 cms, hennoj, 14:11
- Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks, Michal Zalewski, 14:01
- Mac OS 10.4: new-account-wizzard in Mail 2.0 sends clear-text passwords, Markus Wörle, 14:01
- [Full-disclosure] [USN-123-1] Xine library vulnerabilities, Martin Pitt, 12:30
- MegaBook V2.0 - Cross Site Scripting Exploit, Spy Hat, 10:29
- [Full-disclosure] [USN-122-1] Squid vulnerability, Martin Pitt, 09:08
- [Full-disclosure] [USN-121-1] OpenOffice.org vulnerability, Martin Pitt, 07:58
- [Full-disclosure] [SEC-1 LTD] RSA SecurID Web Agent Heap Overflow, Gary O'leary-Steele, 07:07
- [Full-disclosure] [USN-119-1] tcpdump vulnerabilities, Martin Pitt, 05:47
May 05, 2005
- [Full-disclosure] Re: directory traversal in SimpleCam 1.2, pingywon, 23:34
- Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks, H D Moore, 21:53
- [Full-disclosure] [ GLSA 200505-02 ] Oops!: Remote code execution, Luke Macken, 20:43
- [hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart, Exoduks, 20:13
- Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks, Michal Zalewski, 19:42
- DMA[2005-0502a] - 'Apple OSX multiple Bluetooth vulnerabilities', Kevin Finisterre, 19:32
- [Full-disclosure] Port 1025 netvenuechat, Sherwyn Williams, 18:42
- Re: AWStats <= 6.4 Multiple vulnerabilities, Laurent Destailleur, 18:22
- Multiple Vulnerabilities In osTicket, GulfTech Security Research, 17:31
- RE: ASP.NET __VIEWSTATE crypto validation prone to replay attacks, Tim Farley, 17:11
- Multiple Vulnerabilities In SitePanel2, GulfTech Security Research, 17:01
- Multiple vulnerabilities in myBloggie 2.1.1, Alberto Trivero, 17:01
- dSMTP - SMTP Mail Server 3.1b Linux Remote Root Format String Exploit, cybertronic, 16:41
- Oracle 10g DBMS_SCHEDULER SESSION_USER issue, Alexander Kornbrust, 16:31
- Oracle 9i / 10g Fine Grained Auditing Issue, Alexander Kornbrust, 16:20
- MRO Maximo v4 & v5, Felix, 15:50
- iDEFENSE Security Advisory 05.04.05: Apple Mac OS X vpnd Server_id Buffer Overflow Vulnerability, iDEFENSE Labs, 15:40
- Local file detection bug found through Adobe SVG Viewer, Hyperdose Security, 15:20
- Multiple vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, ShineShadow, 14:49
- Gossamer Threads Links SQL login XSS Vulnerability, Nathan House, 14:39
- iDEFENSE Security Advisory 05.03.05: Mac OS X Server NeST -target Buffer Overflow Vulnerability, iDEFENSE Labs, 14:19
- Golden Ftp Server Pro - Directory Traversal Vuln, Lachlan. H, 14:09
- Authentication bypass, sql injections and xss in ArticleLive 2005, dcrab, 14:09
- Multiple SQL injections and XSS in FishCart 3.1, dcrab, 13:59
- [HSC Security Group] ASP Inline Corporate Calendar SQL injection, Zinho, 13:38
May 04, 2005
- [Full-disclosure] directory traversal in SimpleCam 1.2, Donato Ferrante, 15:48
- [Full-disclosure] Gamespy cd-key validation system: Cd-key never in use, Luigi Auriemma, 15:18
- [Full-disclosure] Gamespy cd-key validation system: "Cd-key in use" DoS versus many games, Luigi Auriemma, 15:18
- [VulnWatch] leafnode security announcement leafnode-SA-2005-01, Matthias Andree, 15:07
- RE: [Full-disclosure] Re: [VulnWatch] Hotmail Advisories, Luis A. Cortes Zavala, 14:27
- [Full-disclosure] [USN-118-1] PostgreSQL vulnerabilities, Martin Pitt, 13:06
- [Full-disclosure] Local root vuln in VPN daemon on MacOS X, Pieter de Boer, 12:16
- Re: [Full-disclosure] Re: [VulnWatch] Hotmail Advisories, Jerome Athias, 10:55
- [Full-disclosure] Re: [VulnWatch] Hotmail Advisories, Sherwyn Williams, 10:25
- [Full-disclosure] Hotmail Advisories, Luis A. Cortes Zavala, 07:44
- [Full-disclosure] Hotmail Advisories, Luis A. Cortes Zavala, 07:34
- [Full-disclosure] [USN-117-1] cvs vulnerability, Martin Pitt, 07:34
- [Full-disclosure] [USN-116-1] gzip vulnerabilities, Martin Pitt, 07:34
May 03, 2005
- [VulnWatch] Advisories for 4 vulnerabilities addressed by Apple SU 2005-005, David Remahl, 20:39
- [VulnWatch] Hotmail Advisories, Luis A. Cortes Zavala, 19:38
- [Full-disclosure] [USN-115-1] Kommander vulnerability, Martin Pitt, 14:26
- ASP.NET __VIEWSTATE crypto validation prone to replay attacks, Michal Zalewski, 13:05
- [Full-disclosure] [USN-114-1] kimgio vulnerability, Martin Pitt, 10:13
- [Full-disclosure] [USN-113-1] libnet-ssleay-perl vulnerability, Martin Pitt, 09:33
May 02, 2005
- Re: Apache hacks (./atac, d0s.txt), Nick Bright, 21:57
- tHorK FrameWork Beta v0.1::: another exploit framework, gilbert nzeka, 21:47
- [CLA-2005:952] Conectiva Security Announcement - kernel, Conectiva Updates, 21:37
- Directory Traversal Vuln - RaidenFTPD 2.4 < Build 2241, Lachlan. H, 21:17
- Re: Apache hacks (./atac, d0s.txt), Steve Kemp, 21:17
- Re: Apache hacks (./atac, d0s.txt), Jay D. Dyson, 21:07
- Re: Apache hacks (./atac, d0s.txt), KF (lists), 20:57
- Re: Privilege escalation in BulletProof FTP Server v2.4.0.31 [PoC], Jerome ATHIAS, 20:36
- Re: Apache hacks (./atac, d0s.txt), Robert Zilbauer, 20:26
- Can't trust COMODO, Gunter Ollmann (NGS), 20:16
- Re: Apache hacks (./atac, d0s.txt), Skip Carter, 20:16
- Re: Apache hacks (./atac, d0s.txt), Luiz Henrique, 20:06
- Regions bank phishing scam, Ryan S, 19:56
- Re: Apache hacks (./atac, d0s.txt), Daniel Cid, 19:56
- Re: Apache hacks (./atac, d0s.txt), Sagiko, 19:46
- Re: Apache hacks (./atac, d0s.txt), Chris Umphress, 19:36
- JGS-Portal 3.0.1 SQL-Injection, admin, 19:26
- Golden FTP Server Pro Remote Buffer Overflow Exploit, mohamed amhemed, 19:16
- Re: Apache hacks (./atac, d0s.txt), a.list.address@gmail.com, 18:45
- Insecure pty permissions in OS X < 10.4, Matt Johnston, 18:45
- DMA[2005-0501a] - 'ARPUS/Ce setuid buffer overflow and file overwrite', KF (lists), 16:24
- [Full-disclosure] Multiple Vulnerabilities in Video Cam Server 1.0.0, Donato Ferrante, 10:10