Network Security Archives

Bugtraq (date)

[Thread Index] [Top] [All Lists]

August 31, 2005

Ariba password exposure vulnerability, gerald626, 20:41
Vulnerability in Symantec Anti Virus Corporate Edition v9.x, golovast, 19:51
CMS Made Simple <= 0.10 - PHP injection, groszynskif, 19:41
RE: secure client-side platform, Beauford, Jason, 19:00
Flatnuke 2.5.6 (possibly prior versions) Underlying system information disclosure / Administrative & users credentials disclosure, retrogod, 17:30
Re: ICMP attacks against TCP: Conclusions, Damien Miller, 17:19
Simple Machine Forum 1-0-5 (possibly prior versions) user IP address / information disclosure, retrogod, 17:09
Obsidis #1 Call for Papers, angelo, 16:59
XSS in GreyMatter blog, poizon, 16:49
[security bulletin] SSRT051003 rev.0 - HP-UX Java Web Start remote unauthorized privileged access, security-alert, 16:19
secure client-side platform, liudieyu, 15:08
Indiatimes Messenger 6.0 Buffer Overflow (Remote), ViPeR, 14:58
[security bulletin] SSRT051004 rev.0 - HP-UX Java Runtime Environment (JRE) Untrusted Applet Elevates Privilege, security-alert, 14:48
Call for new mailing lists @ SecurityFocus, Alfred Huger, 14:17
[Full-disclosure] [ GLSA 200508-22 ] pam_ldap: Authentication bypass vulnerability, Sune Kloppenborg Jeppesen, 12:56
[Full-disclosure] [ GLSA 200508-21 ] phpWebSite: Arbitrary command execution through XML-RPC and SQL injection, Sune Kloppenborg Jeppesen, 12:46
[Full-disclosure] Re: Tool for Identifying Rogue Linksys Routers, Gregory Boyce, 12:05
[Full-disclosure] [USN-173-4] PCRE vulnerabilities, Martin Pitt, 10:45
[Full-disclosure] Re: BNBT EasyTracker Remote Denial of Service Vulnerability, Sowhat ., 07:13
Re: Vulnerability in Helpdesk software Hesk 0.92, Thomas Krüger, 01:10
MS05-042 Security Update Problems, Andrew McCullough, 01:00

August 30, 2005

Re: Vulnerability in Helpdesk software Hesk 0.92, not, 23:59
Re: PunBB BBCode IMG Tag Script Injection Vulnerability, Aaron Horst, 23:39
Fetchmail 6.2.5 exploit for Bugtraq ID: 14349, bannedit, 23:29
Re: ICMP attacks against TCP: Conclusions, Dan Yefimov, 21:48
phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions) system disclosure,, retrogod, 16:14
SUSE Security Announcement: pcre integer overflows (SUSE-SA:2005:048), Marcus Meissner, 15:24
BNBT EasyTracker Remote Denial of Service Vulnerability, Sowhat ., 15:03
SUSE Security Announcement: php4/php5 Pear::XML_RPC code injection and PCRE integer overflow problems (SUSE-SA:2005:049), Marcus Meissner, 14:53
[Full-disclosure] [ GLSA 200508-20 ] phpGroupWare: Multiple vulnerabilities, Thierry Carrez, 13:22
[Full-disclosure] [ GLSA 200508-19 ] lm_sensors: Insecure temporary file creation, Thierry Carrez, 12:42
[Full-disclosure] [UNTRUE] Gadu-Gadu supposedly fixed the invisible detection vulnerability?, Maciej Soltysiak, 10:00
[Full-disclosure] e107 0.6 forum_post.php create new topics in non-existing forums, Marc Ruef, 08:40
[Full-disclosure] [USN-173-3] Fixed apache2 packages for USN-173-2, Martin Pitt, 06:19
[Full-disclosure] BNBT EasyTracker Remote Denial of Service Vulnerability, Sowhat ., 01:26

August 29, 2005

AutoLinks Pro 2.1, none, 20:34
Member.php SQL Injection in MyBB, W7ED, 19:53
[Full-disclosure] iDEFENSE Security Advisory 08.29.05: Symantec AntiVirus 9 Corporate Edition Local Privilege Escalation Vulnerability, iDEFENSE Labs, 19:43
[Full-disclosure] iDEFENSE Security Advisory 08.29.05: Adobe Version Cue VCNative Arbitrary File Overwrite Vulnerability, iDEFENSE Labs, 19:43
[Full-disclosure] iDEFENSE Security Advisory 08.29.05: Adobe Version Cue VCNative Arbitrary Library Loading Vulnerability, iDEFENSE Labs, 19:43
PunBB BBCode IMG Tag Script Injection Vulnerability, y3dips, 19:43
WASC-Articles: 'Preventing Log Evasion in IIS', contact, 19:23
Vulnerability in Helpdesk software Hesk 0.92, s2b, 19:13
Re: unload event in ie/mozilla/opera, gegegz, 18:43
SimplePHPBlog Arbitrary File Deletion and Sample Exploit, 'ken'@FTU, 18:33
Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities, h4cky0u . org, 18:23
[cosmoshop <= 8.10.78] be the shopadmin in one step, innate, 17:52
Multiple CMS/Forum Vulnablilties, pacifico\", 0] //--></script>a, 17:32
Land Down Under, bendeniz_avci, 16:52
[Full-disclosure] Multiple vulnerabilities in BFCommand & Control for Battlefield 1942 and Vietnam, Luigi Auriemma, 16:42
FUD Forum < 2.7.1 PHP code injection vurnelability, riklaunim, 16:21
PHP-Fusion <= v6.00.107 XSS exploit, slacker4ever_1, 16:21
[Full-disclosure] Secunia Research: SqWebMail HTML Emails Script Insertion Vulnerability, Secunia Research, 10:18
[Full-disclosure] Xcon2005 papers released, alert7, 01:54

August 28, 2005

[Full-disclosure] Re: Sophos Antivirus Library Remote Heap Overflow, list, 10:28

August 27, 2005

Re: Tool for Identifying Rogue Linksys Routers, Tony Rall, 17:41
Re: Tool for Identifying Rogue Linksys Routers, Paul Halliday, 17:21
Re: ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users, Nicholas Knight, 17:10
XSS security hole in phpwebnotes., nf2, 16:40
MDKSA-2005:153 - Updated gnumeric packages fix integer overflow vulnerability, Mandriva Security Team, 16:30
Re: Tool for Identifying Rogue Linksys Routers, Mike Kershaw, 16:30
MDKSA-2005:154 - Updated python packages fix integer overflow vulnerability, Mandriva Security Team, 16:20
Re: Tool for Identifying Rogue Linksys Routers, Volker Tanger, 16:10
Looking Glass v20040427 arbitrary commands execution / cross site scripting, retrogod, 15:39
[Full-disclosure] Re: Tool for Identifying Rogue Linksys Routers, Paul, 15:39
[Full-disclosure] RE: Sophos Antivirus Library Remote Heap Overflow, Dowling, Gabrielle, 03:24
MDKSA-2005:149 - Updated lm_sensors packages fix temporary file vulnerability, Mandriva Security Team, 02:54
Re: Tool for Identifying Rogue Linksys Routers, Dave Hull, 02:44
DMA[2005-0826a] - 'Nokia Affix Bluetooth btsrv poor use of popen()', KF (lists), 01:53
Multiple PHP Images Galleries EXIF Metadata XSS Vulnerabilities, Cedric Cochin, 00:53
Re: unload event in ie/mozilla/opera, Michael Shigorin, 00:23
MDKSA-2005:151 - Updated pcre packages fix integer overflow vulnerability, Mandriva Security Team, 00:02

August 26, 2005

MDKSA-2005:150 - Updated bluez-utils packages fix vulnerability, Mandriva Security Team, 23:22
RE: Tool for Identifying Rogue Linksys Routers, Matt Mercer, 23:12
[security bulletin] SSRT051023 rev.0 - HP Openview Network Node Manager (OV NNM) Remote Unauthorized Access, Boren, Rich (HP SSRT), 23:02
AWstats Path Disclosure Vulnerability, fournaux, 22:52
Re: [ GLSA 200508-14 ] TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC, Cangrejito Playero, 22:32
MDKSA-2005:152 - Updated php packages fix integer overflow vulnerability, Mandriva Security Team, 22:12
Re: Tool for Identifying Rogue Linksys Routers, Graham Wilson, 21:51
Re: Tool for Identifying Rogue Linksys Routers, Joshua Wright, 21:01
Re: unload event in ie/mozilla/opera, Godwin Stewart, 20:40
RE: Tool for Identifying Rogue Linksys Routers, Thomas Guyot-Sionnest, 20:30
Re: Tool for Identifying Rogue Linksys Routers, Mike Frantzen, 20:20
22nd Chaos Communication Congress 2005: Call for Papers, fukami, 14:58
[Full-disclosure] [USN-174-1] courier vulnerability, Martin Pitt, 12:16
[Full-disclosure] Re: MS05_039 Exploitation (different languages), Roman Medina-Heigl Hernandez, 10:55
[Full-disclosure] Sophos Antivirus Library Remote Heap Overflow, list, 10:55
[Full-disclosure] Re: MS05_039 Exploitation (different languages), Sanjay Rawat, 10:05
[Full-disclosure] [ GLSA 200508-18 ] PhpWiki: Arbitrary command execution through XML-RPC, Thierry Carrez, 08:04
[Full-disclosure] Simple PHP Blog File Upload and User Credentials Exposure Vulnerabilities, Scott Dewey, 06:03

August 25, 2005

[Full-disclosure] Re: MS05_039 Exploitation (different languages), Fabrice MOURRON, 23:30
CORRECTION: Remote IIS 5.x and IIS 6.0 Server Name Spoof, Mark Burnett, 22:19
Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness, oliver karow, 21:39
Tool Announcement: AIRT -- the Advanced Incident Response Tool 0.4.2 released, madsys, 21:29
Re: unload event in ie/mozilla/opera, Tobias Boonstoppel, 21:09
Re: unload event in ie/mozilla/opera, Niels Bakker, 20:48
Re: unload event in ie/mozilla/opera, Stefan Kelm, 20:38
Re: LeapFTP .lsq Buffer Overflow Vulnerability, Kaveh Razavi, 20:28
ssl-login-checkbox faked in Lycos webmail-frontend, Fischer, Andreas, 20:18
Re: [NOBYTES.COM: #8] Naxtor Shopping Cart 1.0 - Information Disclosure & Possible SQL Injection, devfreedom, 19:58
Re: [Full-disclosure] MS05_039 Exploitation (different languages), ad, 19:48
RE: unload event in ie/mozilla/opera, Early, Clint, 19:48
Re: ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users, Nick Boyce, 19:48
An Illustrated Guide to IPSec, Steve Friedl, 19:27
Quake 2 Lithium Mod V 1.24 Macro Expansion Vuln?, nukemmeister, 19:17
Tool for Identifying Rogue Linksys Routers, Martin Mkrtchian, 19:07
Re: Portcullis Security Advisory 05-014 HP Openview Remote Command Execution Vulnerability, David Litchfield, 18:57
[security bulletin] SSRT4702 rev.0 - HP-UX running Veritas 3.3/3.5 unauthorized data access, Boren, Rich (HP SSRT), 18:47
[Full-disclosure] [ GLSA 200508-17 ] libpcre: Heap integer overflow, Stefan Cornelius, 16:56
Portcullis Security Advisory 05-014 HP Openview Remote Command Execution Vulnerability, Paul J Docherty, 15:45
Re: unload event in ie/mozilla/opera, Drew Haven, 15:35
[Full-disclosure] MS05_039 Exploitation (different languages), Roman Medina-Heigl Hernandez, 14:55
[Full-disclosure] Advisory: iTAN not as secure as claimed, release, 11:33
[Full-disclosure] Re: LeapFTP .lsq Buffer Overflow Vulnerability, Damien Palmer, 10:02
[Full-disclosure] [ GLSA 200508-16 ] Tor: Information disclosure, Sune Kloppenborg Jeppesen, 03:29
[Full-disclosure] [ GLSA 200508-15 ] Apache 2.0: Denial of Service vulnerability, Sune Kloppenborg Jeppesen, 03:29

August 24, 2005

Re: Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users, 3APA3A, 21:06
RE: unload event in ie/mozilla/opera, David Gillett, 20:25
unload event in ie/mozilla/opera, Tobias Boonstoppel, 18:54
[Full-disclosure] [ GLSA 200508-14 ] TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC, Thierry Carrez, 18:03
[Full-disclosure] Re: LeapFTP .lsq Buffer Overflow Vulnerability, Kaveh Razavi, 18:03
RE: Remote IIS 5.x and IIS 6.0 Server Name Spoof, Sacha Faust, 17:53
Re: ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users, Allen Parker, 17:42
Foojan PHP Weblog Information Disclosure - Refferer Html Injection, ali202, 17:42
Re: Beehive Forum Multiple Vulnerabilities, wibble, 17:02
PaFileDB 3.1 - SQL-Injection, astovidatu, 16:42
Cross-site scripting vulnerability in BEA WebLogic administration console, GomoR, 16:12
New Whitepaper - The Pharming Guide, NGSSoftware Insight Security Research, 15:51
[RLSA_01-2005] QNX inputtrap arbitrary file read vulnerability, julio, 15:41
[Full-disclosure] [USN-173-2] PCRE vulnerability, Martin Pitt, 13:45
[Full-disclosure] (no subject), Donato Ferrante, 13:15
[Full-disclosure] Secunia Research: SqWebMail Attached File Script Insertion Vulnerability, Secunia Research, 11:34
[Full-disclosure] Secunia Research: HAURI Anti-Virus ACE Archive Handling Buffer Overflow, Secunia Research, 11:34
[Full-disclosure] LeapFTP .lsq Buffer Overflow Vulnerability, Sowhat ., 09:03
[Full-disclosure] [ GLSA 200508-13 ] PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability, Thierry Carrez, 07:12

August 23, 2005

MDKSA-2005:147 - Updated slocate packages fix vulnerability, Mandriva Security Team, 22:58
Re: Interspire ArticleLive 2005 (php version) is vulnerable to XSS, eddie, 21:48
ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users, kozan, 21:27
Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users, kozan, 20:27
Oracle Password Checker, ak, 19:46
Re: ELM < 2.5.8 Remote Exploit POC, skulls_phantoms_1, 19:06
MDKSA-2005:148 - Updated vim packages fix vulnerability, Mandriva Security Team, 17:55
MDKSA-2005:146 - Updated php-pear packages fix more PEAR XML-RPC vulnerabilities, Mandriva Security Team, 17:05
[Full-disclosure] Server crash in Ventrilo 2.3.0, Luigi Auriemma, 16:45
MDKSA-2005:145 - Updated openvpn packages fix several vulnerabilities, Mandriva Security Team, 15:54
[Full-disclosure] [USN-173-1] PCRE vulnerability, Martin Pitt, 14:13
[Full-disclosure] [USN-172-1] lm-sensors vulnerability, Martin Pitt, 14:13
Re: Remote IIS 5.x and IIS 6.0 Server Name Spoof, 3APA3A, 13:53
[Full-disclosure] [ GLSA 200508-12 ] Evolution: Format string vulnerabilities, Stefan Cornelius, 07:50

August 22, 2005

32919 - Computer Associates Message Queuing (CAM/CAFT) multiple vulnerabilities, Williams, James K, 22:56
Re: RE: Cisco Clean Access Agent (Perfigo) bypass, cdmiller-bugtraq, 20:55
Remote IIS 5.x and IIS 6.0 Server Name Spoof, inge_eivind . henriksen, 20:05
[SECURITYREASON.COM] Multiple vulnerabilities in PostNuke 0.760-RC4b=>x cXIb8O3.15, max, 19:54
SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1, phuket, 19:14
RE: Cisco Clean Access Agent (Perfigo) bypass, Dario Ciccarone (dciccaro), 18:43
DMA[2005-0818a] - 'Apple OSX dsidentity privilege abuse', KF (lists), 17:02
RE: Cisco Clean Access Agent (Perfigo) bypass, Dario Ciccarone (dciccaro), 16:42
ELM < 2.5.8 Remote Exploit POC, c0ntexb, 15:11
SUSE Security Announcement: Adobe Reader Plugin buffer overflow (SUSE-SA:2005:047), Marcus Meissner, 14:50
Nephp Publisher Enterprise 3.04 Cross Site Scripting, bl2k, 14:40
[Full-disclosure] [ Suresec Advisories ] - Several MacOS X vulnerabilities, Suresec Advisories, 13:40
Re: BBCode [IMG] [/IMG] Tag Vulnerability, Paul Laudanski, 08:14

August 21, 2005

[Full-disclosure] Re: Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal, Andreas Marx, 17:05

August 20, 2005

ToorCon 7 Lineup Finalized & Pre-Registration Ending, h1kari@toorcon.org, 20:16
Bugs Land Down Under v800, bl2k, 16:45
Woltlab Burning Board <= 2.2.2/2.3.3 modcp.php SQL injection, admin, 16:25
IBM Lotus Notes multiple disclosures of password hashes, Shalom Carmel, 16:14
[Full-disclosure] [USN-171-1] PHP4 vulnerabilities, Martin Pitt, 13:33
RE: anti-phishing implementation, Lyal Collins, 06:30

August 19, 2005

Re: [Fwd: anti-phishing implementation], Bjorn Borg, 22:26
Vul in MyBB, s2b, 20:05
Fwd: Tor security advisory: DH handshake flaw, Chris Palmer, 18:04
Cisco Clean Access Agent (Perfigo) bypass, llhansen-bugtraq, 17:03
WinAce Temporary File Parsing Buffer Overflow Vulnerability, atmaca, 16:53
Re: anti-phishing implementation, Saqib Ali, 15:13
anti-phishing implementation, Bjorn Borg, 14:19
[Full-disclosure] [USN-170-1] gnupg vulnerability, Martin Pitt, 13:29
[Full-disclosure] Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal, Secunia Research, 12:18
Re: [Full-disclosure] Internet Explorer 6 Meta Refresh Parsing Weakness, Moritz Naumann, 12:07
[Full-disclosure] [USN-169-1] Linux kernel vulnerabilities, Martin Pitt, 12:07
[Full-disclosure] Re: Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product, Zow, 11:57
[Full-disclosure] [ GLSA 200508-11 ] Adobe Reader: Buffer Overflow, Thierry Carrez, 08:46
[Full-disclosure] [ GLSA 200508-10 ] Kismet: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 03:33

August 18, 2005

ATutor 1.5.1 and prior multiple XSS Vulnerabilities, h4cky0u, 20:40
w-agora 4.2.0 and prior Remote Directory Travel Vulnerability, h4cky0u, 19:49
MDKSA-2005:144 - Updated wxPythonGTK packages several vulnerabilities, Mandriva Security Team, 18:39
DevC++ V.4.9.9.2 NULL BYTE INSERTION / OBFUSCATION FLAW (by rgod), retrogod, 18:29
[Full-disclosure] UnixWare 7.1.4 UnixWare 7.1.3 : cpio race condition and directory traversal issues fixed., please_reply_to_security, 18:29
Re: Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product, Jay D. Dyson, 18:18
PHPFreeNews V1.40 and prior Multiple Vulnerabilities, h4cky0u, 17:37
runcms highlight.php hole, Security Lists, 17:27
Bluez hcid popen() explained., KF (lists), 17:17
MDKSA-2005:141 - Updated evolution packages fixes format string vulnerabilities, Mandriva Security Team, 17:17
MDKSA-2005:142 - Updated libtiff packages fixes vulnerability, Mandriva Security Team, 17:17
MDKSA-2005:143 - Updated kdegraphics packages fix kfax vulnerability, Mandriva Security Team, 17:07
BBCaffe 2.0 cross site scripting poc, retrogod, 16:57
Re: [SECURITY] [DSA 777-1] New Mozilla packages fix frame injection spoofing vulnerability, Douglas Duckworth, 16:37
Password Disclosure in Whisper32, Alexey Agapov, 16:26
Zorum 3.5 remote code execution poc exploit, retrogod, 16:16
Re: [Full-disclosure] Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product, Sam Evans, 14:45
Juniper Netscreen VPN Username Enumeration Vulnerability, Roy Hills, 14:15
[Full-disclosure] Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product, Jason Coombs, 13:44
Re: [Full-disclosure] mutt buffer overflow, Frank Denis \(Jedi/Sector One\), 09:02
[Full-disclosure] mutt buffer overflow, Peter Valchev, 07:31
[Full-disclosure] Bypassing the new /GS protection in VC++ 7.1, D K, 07:21
[Full-disclosure] COM objects and MSIE vulnerabilities recap + additional fix, Berend-Jan Wever, 07:21
Re: [Full-disclosure] Internet Explorer 6 Meta Refresh Parsing Weakness, tuytumadre, 01:08

August 17, 2005

Internet Explorer 6 Meta Refresh Parsing Weakness, Moritz Naumann, 20:26
MSN Messenger Password Decrypter for WinXP/2003, ViPeR, 20:16
[PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities, Matteo Beccati, 19:56
PHPTB Topic Board <= 20: Multiple PHP injection vulnerabilities, goszynskif, 19:45
SQL injection in mediabox404 v1.2, cedric, 19:25
Re: SQL injection in Persianblog, nummish, 19:25
[SECURITYREASON.COM] phpAdsNew/phpPgAds 2.0.5 Local file inclusion cXIb8O3.16, max, 19:05
NOVL-2005010098073 GroupWise Password Caching, Ed Reed, 19:05
[Full-disclosure] Buffer-overflow in Chris Moneymaker's World Poker Championship 1.0, Luigi Auriemma, 16:33
[Full-disclosure] [ GLSA 200508-09 ] bluez-utils: Bluetooth device name validation vulnerability, Sune Kloppenborg Jeppesen, 14:32
Re: Win32 Port of Nessusd, Michael Boman, 13:01
[Full-disclosure] Unicode Buffer Overflow in WinFtp Server 1.6.8, Donato Ferrante, 12:01

August 16, 2005

[security bulletin] SSRT4874 rev.0 - HP-UX Ignite-UX Remote Unauthorized Access, Boren, Rich (HP SSRT), 19:12
RE: Serious flaw in Linksys wireless AP password security, Robert Thompson Jr., 18:41
Re: Serious flaw in Linksys wireless AP password security, Steve Scherf, 17:21
Win32 Port of Nessusd, Tom Stracener, 17:11
Hummingbird FTP Weak Password Encryption, nnposter, 16:20
RE: Vulnerability found in CPAINT Ajax Toolkit, Thor Larholm, 16:10
SQL injection in Persianblog, alireza hassani, 16:00
RE: Serious flaw in Linksys wireless AP password security, Robert Thompson Jr., 15:40
[NOBYTES.COM: #9] ECW Shop 6.0.2 - Multiple Vulnerabilities, John Cobb, 15:30
SUSE Security Announcement: apache, apache2 request smuggling problem (SUSE-SA:2005:046), Marcus Meissner, 15:09
Corsaire Security Advisory: HP Ignite-UX filesystem permissions issue, advisories, 13:46
249bytes reverse shellcode with "nooil tricks methods", msuiche, 13:36
MDKSA-2005:140 - Updated proftpd packages fix format string vulnerabilities, Mandriva Security Team, 13:25
Corsaire Security Advisory: HP Ignite-UX passwd file disclosure issue, advisories, 13:15
MDKSA-2005:139 - Updated gaim packages fix yet more vulnerabilities, Mandriva Security Team, 13:04
[Full-disclosure] [ GLSA 200508-08 ] Xpdf, Kpdf, GPdf: Denial of Service vulnerability, Sune Kloppenborg Jeppesen, 03:39
[Full-disclosure] [ GLSA 200508-07 ] AWStats: Arbitrary code execution using malicious Referrer information, Sune Kloppenborg Jeppesen, 03:39

August 15, 2005

Serious flaw in Linksys wireless AP password security, Steve Scherf, 19:15
Re: FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover,possible remote code execution, colin, 19:15
Serious flaw in Linksys wireless AP password security, Steve Scherf, 18:34
Technical Note by Amit Klein: Detecting and Preventing HTTP Response Splitting and HTTP Request Smuggling Attacks at the TCP Le, Amit Klein (AKsecurity), 16:11
drone armies C&C report - July/2005, Gadi Evron, 15:50
Vulnerability found in CPAINT Ajax Toolkit, wiley14, 15:29
Re: [Full-disclosure] Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3), sec-list, 14:28
Re: [Full-disclosure] Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3), Reed Arvin, 14:08
[Full-disclosure] Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability, Stefan Esser, 11:06
[Full-disclosure] Advisory 14/2005: PEAR XML_RPC Remote PHP Code Injection Vulnerability, Stefan Esser, 11:06
Re: [Full-disclosure] Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3), NoBrain NoPain, 08:15
[Full-disclosure] [ GLSA 200508-06 ] Gaim: Remote execution of arbitrary code, Sune Kloppenborg Jeppesen, 03:43
[Full-disclosure] [DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue, Uwe Hermann, 00:52

August 14, 2005

[Full-disclosure] (TOOL ANNOUNCEMENT) Efilter - automatic exception reporting utility, Piotr Bania, 11:36
[Full-disclosure] XSS www.jg-tc.com, Jeff Peadro, 11:36
[Full-disclosure] XSS Nordstroms.com, Jeff Peadro, 11:36

August 13, 2005

SQL in PHPTB Topic Boards 2.0, almaster, 16:55
JaguarControl Activex Buffer Overflow, Tacettin Karadeniz, 13:44
Low security hole affecting Mentor's ADSLFR4II router, Tim Brown, 13:34

August 12, 2005

Grandstream Budge Tone 101/102 DoS Vulnerability, Kroma Pierre, 19:26
Bluetooth: Theft of Link Keys for Fun and Profit?, KF (lists), 19:16
Re: Xoops 2.2.1 Full Path Disclosure, kato, 19:06
Privilege escalation in Linksys WLAN Monitor v2.0, Reed Arvin, 18:56
Insecure directory permissions of default installation of Kaspersky Anti-Virus for Unix/Linux File Servers will lead to local root exploit, Dr. Peter Bieringer, 18:35
My Bulletin Board RC 4 Vulnerabilities, phuket, 17:55
(MS05-039) Microsoft Windows Plug-and-Play Service Remote Overflow (Universal Exploit + no crash shellcode), houseofdabus, 16:04
Xoops 2.2.1 Full Path Disclosure, none, 14:23
[Full-disclosure] FW: Updated Version & Exploit - Privilege escalation in Nortel Contivity VPN Client V05_01.030, Jeff Peadro, 13:22
[Full-disclosure] [USN-168-1] Gaim vulnerabilities, Martin Pitt, 12:32

August 11, 2005

MDKSA-2005:134 - Updated xpdf packages fix vulnerability, Mandriva Security Team, 21:15
[Full-disclosure] Windows 2000 universal exploit for MS05-039, sl0ppy, 21:05
MDKSA-2005:136 - Updated gpdf packages fix vulnerability, Mandriva Security Team, 20:55
MDKSA-2005:135 - Updated kdegraphics packages fix vulnerability, Mandriva Security Team, 19:24
[Full-disclosure] Fudforum: incompletely check of user rights in tree view gaining access to all messages, Alexander Heidenreich, 19:14
MDKSA-2005:137 - Updated ucd-snmp packages fix a DoS vulnerability, Mandriva Security Team, 19:14
remote DOS on Wyse thin client 1125SE, Josh Zlatin-Amishav, 19:04
MDKSA-2005:138 - Updated cups packages fix vulnerability, Mandriva Security Team, 18:54
[Full-disclosure] Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3), Reed Arvin, 17:53
SUSE Security Announcement: Mozilla various security problems (SUSE-SA:2005:045), Marcus Meissner, 17:02
High Risk Vulnerability in Novell eDirectory Server, NGSSoftware Insight Security Research, 14:51
[Full-disclosure] Re: ISS vs. Cisco: Chapter 2, Florian Weimer, 14:10
ms05038 exploit poc (down&execute), zwell, 13:28
[Full-disclosure] [USN-165-1] heartbeat vulnerability, Martin Pitt, 11:57
[Full-disclosure] [USN-166-1] Evolution vulnerabilities, Martin Pitt, 11:46
[Full-disclosure] [USN-164-1] netpbm vulnerability, Martin Pitt, 11:16
[Full-disclosure] Re: Compromising pictures of Microsoft Internet Explorer!, Michal Zalewski, 09:35
[Full-disclosure] ISS vs. Cisco: Chapter 2, FX, 08:55

August 10, 2005

[Full-disclosure] [FLSA-2005:129284] Updated spamassassin package fixes security issue, Marc Deslauriers, 22:09
[Full-disclosure] [FLSA-2005:152889] Updated mc packages fix security issues, Marc Deslauriers, 22:09
[Full-disclosure] [FLSA-2005:157696] Updated gzip package fixes security issues, Marc Deslauriers, 22:09
[Full-disclosure] [FLSA-2005:157701] Updated Apache httpd packages fix security issues, Marc Deslauriers, 22:09
Re: [Full-disclosure] Re: Help put a stop to incompetent computer forensics, Technica Forensis, 21:59
Re: [Full-disclosure] Help put a stop to incompetent computer forensics, Technica Forensis, 21:29
[Full-disclosure] Re: Help put a stop to incompetent computer forensics, Jason Coombs, 19:17
Privilege escalation in Nortel Contivity VPN Client V05_01.030, Jeff Peadro, 19:17
[Full-disclosure] Re: Operation Site-Key computer forensic searches ruled illegal, Jason Coombs, 19:07
[Full-disclosure] Privilege escalation in Linksys WLAN Monitor v2.0., Reed Arvin, 18:36
MDKSA-2005:133 - Updated netpbm packages fix temporary file vulnerabilities, Mandriva Security Team, 18:04
MDKSA-2005:132 - Updated heartbeat packages fix temporary file vulnerabilities, Mandriva Security Team, 17:54
CoolWebSearch found in massive spyware ring, Paul Laudanski, 17:12
Re: SQL IN Open Bulletin Board, security curmudgeon, 17:01
Full path disclosure in CaLogic 1.22 and possible in older versions., gb . network, 16:51
[KDE Security Advisory] kpdf temp file writing DoS vulnerability, Dirk Mueller, 16:30
[security bulletin] SSRT5998 rev.1 - HP System Management Homepage (v2.0.x) Denial of Service (DoS) and XSS, security-alert, 16:09
[security bulletin] SSRT5957 rev.0 - HP Tru64 UNIX IPSEC Tunnel ESP Mode Remote Unauthorized Disclosure of Encrypted Data, Security Alert, 15:59
[security bulletin] SSRT051005 rev.0 - HP ProLiant DL585 Servers Unauthorized Remote Access, security-alert, 15:48
[Full-disclosure] Evolution multiple remote format string bugs, sitic, 12:15
Re: [Full-disclosure] Help put a stop to incompetent computer forensics, James Tucker, 08:13
[VulnWatch] NSFOCUS SA2005-02 : Microsoft IE Devenum.dll COM Instantiation Remote Code Execution Vulnerability, NSFOCUS Security Team, 03:30
Design Flaw at Microsoft's AntiSpyware, manolisgavriil, 02:20
Re: Defeating Citi-Bank Virtual Keyboard Protection, AsTriXs, 02:10
RE: [Full-disclosure] Help put a stop to incompetent computer forensics, Christopher Day, 00:49

August 09, 2005

[Full-disclosure] Re: Mozilla Firefox up to 1.0.6 and Mozilla Thunderbird up to 1.0 url string obfuscation, Alessandro Amici, 22:38
[Full-disclosure] Help put a stop to incompetent computer forensics, Jason Coombs, 22:18
[security bulletin] SSRT5940 rev.1 - HP-UX Mozilla remote, unauthorized user may execute privileged code, security-alert, 19:05
BID 14355, VERITAS NetBackup 5.1 Time Stamp Vulnerability, secure, 18:45
Re: tar preserves setuid bit, Jeremy C. Reed, 18:25
RE: Creating a secret web site on IIS 5.x using Alternative Data Streams, James C Slora Jr, 18:04
Bugtraq ID: 14460 : Coldfusion Fusebox V4.1.0 Vulnerability, Adrocknaphobia, 17:54
Sql injection and global variables poisoning in XMB Forum 1.9.1, heintz, 17:44
Apple Safari & Javascript - KERN_INVALID_ADDRESS (0x0001), Patrick Webster, 17:34
FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover,possible remote code execution, retrogod, 16:03
Re: [Full-disclosure] (no subject), Stan Bubrouski, 15:43
[Full-disclosure] tool release: n.bug, Felix Lindner, 15:22
[Full-disclosure] iDEFENSE Security Advisory 08.09.05: AWStats ShowInfoURL Remote Command Execution Vulnerability, iDEFENSE Labs, 14:42
Re: [DCC SPAM] Defeating Citi-Bank Virtual Keyboard Protection, Secure Science Corporation Bugtraq, 14:32
Re: [Full-disclosure] (no subject), KF (lists), 14:22
Re: GNU tar and the setuid bit, David Watson, 14:22
Re: GNU tar and the setuid bit, David Watson, 14:12
Re: Trillian Ver 3.1 saves password's in plain Text, Suramya Tomar, 14:02
[Full-disclosure] (no subject), kartoffelguru, 14:02
Re: tar preserves setuid bit, Sean Comeau, 14:02
[Full-disclosure] (no subject), kartoffelguru, 14:02
Re: Defeating Citi-Bank Virtual Keyboard Protection, Daniel Bonekeeper, 13:51
Re: tar preserves setuid bit, Imran Ghory, 13:41
Re: Zip 2,31 bad default file-permissions vulnerability, Imran Ghory, 13:31
[Full-disclosure] [USN-163-1] xpdf vulnerability, Martin Pitt, 13:31
Re: tar preserves setuid bit, Neil McKellar, 13:31
nbSMTP v0.99 remote format string exploit, coki, 13:21
Re: Cisco IOS Shellcode - McAfee IPS Protection, Darren Reed, 13:11
Nate User Password Disclosed By Anonymous, saintlinu, 13:01
Re: Scanning Software Bugs, Hugo van der Kooij, 12:51
Creating a secret web site on IIS 5.x using Alternative Data Streams, inge_eivind . henriksen, 12:51
Re: Kent's Guestbook database exploit, security curmudgeon, 11:50
[Full-disclosure] Mozilla Firefox up to 1.0.6 and Mozilla Thunderbird up to 1.0 url string obfuscation, Marc Ruef, 11:40
[Full-disclosure] Re: [AppSecInc Advisory MYSQL05-V0002] Buffer Overflow in MySQL User Defined Functions, David Litchfield, 00:15

August 08, 2005

[Full-disclosure] [AppSecInc Advisory MYSQL05-V0001] Improper Filtering of Directory Traversal Characters in MySQL User Defined Functions, Team SHATTER, 21:04
[Full-disclosure] [AppSecInc Advisory MYSQL05-V0003] Multiple Issues with MySQL User Defined Functions, Team SHATTER, 21:04
[Full-disclosure] [AppSecInc Advisory MYSQL05-V0002] Buffer Overflow in MySQL User Defined Functions, Team SHATTER, 20:54
[Full-disclosure] [USN-162-1] ekg and Gadu library vulnerabilities, Martin Pitt, 20:03
Re: ipb Css bug(now public), Nicolas Gregoire, 17:52
Advisory 13/2005: Remote code execution in SysCP, Christopher Kunz, 16:11
[SVadvisory#13] - SQL injection in MYFAQ 1.0, svt, 15:41
RE: CAID 33239 - Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability, Williams, James K, 15:31
XSS in forums CFBB v1.1.0, stormhacker, 15:21
Re: ipb Css bug(now public), mattmecham, 15:00
E107 + IPB XSS Exploit, edward11, 15:00
Re: [NOBYTES.COM: #8] Naxtor Shopping Cart 1.0 - Information Disclosure & Possible SQL Injection, ICool, 14:50
SQL IN Open Bulletin Board, ABDUCTER_MINDS, 14:40
Re: SQL IN PortailPHP, Steven M. Christey, 14:40
Gravity Board X v1.1 multiple vulnerabilities, retrogod, 14:30

August 07, 2005

[Full-disclosure] [ GLSA 200508-05 ] Heartbeat: Insecure temporary file creation, Sune Kloppenborg Jeppesen, 05:14

August 06, 2005

Re: On classifying attacks, Duncan Simpson, 19:30
RE: On classifying attacks, Forte Systems - Iosif Peterfi, 19:20
Re: On classifying attacks, Shwaine, 19:10
Re: On classifying attacks, Thierry Carrez, 18:50

August 05, 2005

Vulnerability in ePing and eTrace plugins of e107, os2a . bto, 21:01
Root exploits in Lantonix Secure Console Server, c0ntex, 20:31
Comdev eCommerce wce.download.php Download Vulnerability, none, 20:11
Defeating Citi-Bank Virtual Keyboard Protection, Debasis Mohanty, 20:01
[Full-disclosure] iDEFENSE Security Advisory 08.05.05: EMC Navisphere Manager Directory Traversal Vulnerability, iDEFENSE Labs, 20:00
ipb Css bug(now public), virusishacker, 19:50
tar preserves setuid bit, Imran Ghory, 19:30
Comdev eCommerce config.php Vulnerability, none, 19:20
Re: Trillian Ver 3.1 saves password's in plain Text, patrick, 19:10
Re: Zip 2,31 bad default file-permissions vulnerability, Lupe Christoph, 19:00
TSLSA-2005-0040 - multi, Trustix Security Advisor, 18:50
Re: Zip 2,31 bad default file-permissions vulnerability, Stephen C Woods, 18:40
FlatNuke 2.5.5 (possibly prior versions) remote commands execution / cross site scripting / path disclosure (by rgod), retrogod, 18:30
[HSC Security Group] Multiple XSS in phpopenchat 3.0.2, zinho, 18:19
Silvernews 2.0.3 remote command execution exploit, proxy server support!, [at], 18:09
Re: uguestbook exploit, security curmudgeon, 17:59
MDKSA-2005:131 - Updated ethereal packages fix multiple vulnerabilities, Mandriva Security Team, 17:49
Re: Scanning Software Bugs, KF (lists), 17:39
[VulnWatch] Nate User Password Disclosed By Anonymous, saintlinu, 14:07
[Full-disclosure] Re: Mozilla Firefox InstallVersion->compareTo() vulnerability lowered severity status, Aviv Raff, 09:05
[Full-disclosure] [ GLSA 200508-04 ] Netpbm: Arbitrary code execution in pstopnm, Thierry Carrez, 09:05
[Full-disclosure] Nate User Password Disclosed By Anonymous, saintlinu, 01:11

August 04, 2005

Re: On classifying attacks, Crispin Cowan, 21:39
Remote Password Compromise of Microsoft Active Sync 3.7.1, nospam, 21:29
Cisco IOS Shellcode - McAfee IPS Protection, planz 235, 21:19
Re: Zone Alarm Security Contact, security curmudgeon, 21:19
Re: ClamAV Multiple Rem0te Buffer Overflows, list, 21:09
Re: Coldfusion Fusebox V4.1.0 Vulnerability, steven, 20:59
Re: Zip 2,31 bad default file-permissions vulnerability, Lupe Christoph, 20:49
MDKSA-2005:130 - Updated apache packages fix vulnerabilities, Mandriva Security Team, 20:39
MDKSA-2005:129 - Updated apache2 packages fix vulnerabilities, Mandriva Security Team, 20:29
Re: Zip 2,31 bad default file-permissions vulnerability, Imran Ghory, 20:19
Re: Coldfusion Fusebox V4.1.0 Vulnerability, Ian Mitchell, 19:58
Re: Zip 2,31 bad default file-permissions vulnerability, Lupe Christoph, 19:58
Re: Re: Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities), asierillo, 19:48
Re: Trillian Ver 3.1 saves password's in plain Text, Technica Forensis, 19:38
Re: Trillian Ver 3.1 saves password's in plain Text, Technica Forensis, 19:28
[ GLSA 200507-29 ] pstotext: Remote execution of arbitrary code, Stefan Cornelius, 19:18
RE: Trillian Ver 3.1 saves password's in plain Text, Darren Pilgrim, 19:08
SQL IN PortailPHP, ABDUCTER_MINDS, 18:58
FINAL Phrack Magazine release #63 is OUT, phrackstaff, 18:57
SUSE Security Announcement: several kernel security problems (SUSE-SA:2005:044), Ludwig Nussel, 18:47
RE: Trillian Ver 3.1 saves password's in plain Text, Keith Phillips, 18:47
Scanning Software Bugs, Dan . Creed, 18:27
[Full-disclosure] Re: Mozilla Firefox InstallVersion->compareTo() vulnerability lowered severity status, Berend-Jan Wever, 18:27
RE: On classifying attacks, Tim Nelson, 17:57
Re: Trillian Ver 3.1 saves password's in plain Text, Suramya Tomar, 17:47
[Full-disclosure] [USN-161-1] bzip2 utility vulnerability, Martin Pitt, 15:45
[Full-disclosure] Mozilla Firefox InstallVersion->compareTo() vulnerability lowered severity status, Aviv Raff, 13:34
[Full-disclosure] [USN-160-1] Apache 2 vulnerabilities, Martin Pitt, 12:54

August 03, 2005

Zone Alarm Security Contact, David Cross, 21:05
Re: ClamAV Multiple Rem0te Buffer Overflows, Steven M. Christey, 18:44
[security bulletin] SSRT4682 rev.0 - Oracle for Openview (OfO) Critical Patch Update July 2005, security-alert, 18:04
Silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypass / Remote commands execution / cross site scripting, retrogod, 18:04
Re: CAID 33239 - Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability, cybertronic, 17:53
Coldfusion Fusebox V4.1.0 Vulnerability, N.N.P, 17:43
MDKSA-2005:128 - Updated mozilla packages fix multiple vulnerabilities, Mandriva Security Team, 17:23
Zip 2,31 bad default file-permissions vulnerability, Imran Ghory, 16:52
Re: [NOBYTES.COM: #8] Naxtor Shopping Cart 1.0 - Information Disclosure & Possible SQL Injection, Patrick Morris, 16:42
Re: Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities), brom0815, 16:32
[security bulletin] SSRT5998 Rev.0 HP System Management Homepage (v2.0.x) Denial of Service (DoS) & XSS, security-alert, 16:22
[Full-disclosure] iDEFENSE Security Advisory 08.02.05: CA BrightStor ARCserve Backup Agent for MS SQL Server Buffer Overflow, iDEFENSE Labs, 01:26

August 02, 2005

[NOBYTES.COM: #8] Naxtor Shopping Cart 1.0 - Information Disclosure & Possible SQL Injection, John Cobb, 19:43
CAID 33239 - Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability, Williams, James K, 12:56
Re: Re : [Firefox Bug 302187] New: Shared section vulnerability when opening microsoft office document resulting in DoS, Cesar, 11:45
VBZoom Cross Site Scripting Vulnerabilities, almaster, 11:35
Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities), [at], 11:25
Arab Portal, ABDUCTER_MINDS, 10:55
Re: Trillian Ver 3.1 saves password's in plain Text, security curmudgeon, 10:24
unzip TOCTOU file-permissions vulnerability, Imran Ghory, 10:04
[Full-disclosure] Microsoft ActiveSync information leak and spoofing, 3APA3A, 08:13
[Full-disclosure] [ GLSA 200508-03 ] nbSMTP: Format string vulnerability, Thierry Carrez, 06:22
Re: [Full-disclosure] Did you miss us yet?, Dunceor ., 02:40

August 01, 2005

[Full-disclosure] [gentoo-announce] [ GLSA 200508-02 ] ProFTPD: Format string vulnerabilities, Sune Kloppenborg Jeppesen, 15:46
[Full-disclosure] [ GLSA 200508-02 ] ProFTPD: Format string vulnerabilities, Sune Kloppenborg Jeppesen, 14:35
Re: On classifying attacks, Daniel Weber, 14:15
[security bulletin] SSRT5931 rev.1 Apache on HP-UX Remote Denial of Service and client restriction bypass, security-alert, 13:55
ICMP attacks against TCP: Conclusions, Fernando Gont, 13:55
Re: LSS Security Advisory: Winamp remote buffer overflow vulnerability, ljuranic, 13:45
RE: uguestbook exploit, Earnhart, Benjamin J, 13:24
RE: On classifying attacks, Forte Systems - Iosif Peterfi, 12:54
Re: Peter Gutmann data deletion theaory?, Michael Sierchio, 12:44
MySQL Eventum Multiple Vulnerabilities, GulfTech Security Research, 12:24
Re: [BugTraq] Peter Gutmann data deletion theaory?, Richard Clayton, 12:03
Vulnerability in Trendmicro Officescan, sylvain . roger, 10:53
TSLSA-2005-0038 - multi, Trustix Security Advisor, 10:42
ChurchInfo Multiple Vulnerabilities, thegreatone2176, 10:32
PHPList Vunerability, ziot, 10:12
[SVadvisory] - SQL injection in OpenBook 1.2.2, svt, 09:52
[Full-disclosure] HACK IN THE BOX SECURITY CONFERENCE 2005, alphademon, 07:21
[Full-disclosure] Re: [VulnWatch] The Java applet sandbox and stateful firewalls, Florian Weimer, 05:50
[Full-disclosure] [USN-159-1] unzip vulnerability, Martin Pitt, 05:20
[Full-disclosure] [USN-158-1] gzip utility vulnerability, Martin Pitt, 04:09
[Full-disclosure] [USN-157-1] Mozilla Thunderbird vulnerabilities, Martin Pitt, 02:28
[Full-disclosure] Re: [VulnWatch] The Java applet sandbox and stateful firewalls, Dinis Cruz, 01:48
Re: [Full-disclosure] Did you miss us yet?, Dinis Cruz, 01:28
[Full-disclosure] Buffer overflow in BusinessMail email server system 4.60.00, Reed Arvin, 00:48