Bugtraq (date)
September 30, 2005
- BID #14752 update, Josh Zlatin-Amishav, 21:42
- Re: IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV, inge . henriksen, 21:01
- TSLSA-2005-0053 - unzip, Trustix Security Advisor, 20:31
- RE: [Full-disclosure] Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC, Paul Laudanski, 20:21
- Announce: Bluetooth mailing list - Bluetraq, Adam Laurie, 20:01
- [Full-disclosure] UPDATE: [ GLSA 200509-11 ] Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities, Thierry Carrez, 19:10
- Citrix Metaframe Presentation Server bypassing policies, gustavog, 18:50
- Re: PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure, security curmudgeon, 18:40
- Re: PocketPC exploitation, Joel Maslak, 17:49
- [Full-disclosure] Buffer-overflow and directory traversal bugs in Virtools Web Player 3.0.0.100, Luigi Auriemma, 17:19
- Re: Serendipity: Account Hijacking / CSRF Vulnerability, kreon, 17:19
- RE: [Full-disclosure] Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC, Debasis Mohanty, 17:09
- Multiple vulnerabilities in Merak Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, ss_contacts, 16:49
- [Full-disclosure] iDEFENSE Security Advisory 09.30.05: RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability, iDEFENSE Labs, 16:39
- Re: PocketPC exploitation, Denis Jedig, 15:48
- [Full-disclosure] [USN-192-1] Squid vulnerability, Martin Pitt, 14:07
- [Full-disclosure] [ GLSA 200509-21 ] Hylafax: Insecure temporary file creation in xferfaxstats script, Thierry Carrez, 11:26
- [Full-disclosure] apachetop insecure temporary file creation, ZATAZ Audits, 10:55
- [Full-disclosure] RE: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein, Sergey V. Gordeychik, 10:25
- [Full-disclosure] [ GLSA 200509-20 ] AbiWord: RTF import stack-based buffer overflow, Thierry Carrez, 08:04
- [Full-disclosure] Zone Labs response to "Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC", Zone Labs Security Team, 00:10
September 29, 2005
- Lucid CMS 1.0.11 SQL Injection / Login Bypass / remote code execution, retrogod, 19:58
- [Full-disclosure] Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC, Paul Laudanski, 19:58
- AV == parasites? (was: PocketPC exploitation), Michael Shigorin, 19:08
- Re: PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure, Petko Petkov, 16:47
- Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC, warl0ck, 16:37
- Serendipity: Account Hijacking / CSRF Vulnerability, enji, 16:06
- [Full-disclosure] [USN-191-1] unzip vulnerability, Martin Pitt, 15:16
- [Full-disclosure] [USN-190-1] SNMP vulnerability, Martin Pitt, 15:16
- [VulnWatch] [NRVA05-08] - Arbitrary file download by NateOn Messagener's ActiveX and DoS, saintlinu, 14:24
- [Full-disclosure] [USN-189-1] cpio vulnerabilities, Martin Pitt, 09:20
- [Full-disclosure] [USN-188-1] AbiWord vulnerability, Martin Pitt, 09:10
- [Full-disclosure] [NRVA05-08] - Arbitrary file download by NateOn Messagener's ActiveX and DoS, saintlinu, 01:57
- [Full-disclosure] SquirrelMail Address Add Plugin XSS, Moritz Naumann, 00:06
September 28, 2005
- Re: PocketPC exploitation, Jose Morales, 19:13
- PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure, retrogod, 18:53
- Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC, Debasis Mohanty, 18:43
- [Full-disclosure] OpenServer 5.0.7 OpenServer 6.0.0 : UnZip File Permissions Change Vulnerability, please_reply_to_security, 16:32
- Is the Bottom Line Impacted by Security Breaches?, Kenneth F. Belva, 14:21
- Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein, Amit Klein (AKsecurity), 14:01
September 27, 2005
- Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities, Joxean Guay del Paraguay, 21:21
- MDKSA-2005:169 - Updated mozilla-firefox packages fix multiple vulnerabilities, Mandriva Security Team, 20:01
- PacSec 05, Dragos Ruiu, 19:40
- RealPlayer && HelixPlayer Remote Format String Exploit, c0ntexb, 19:30
- CMS Made Simple 0.10 is susceptible to a cross site scripting attack., X1ngBox, 18:50
- [Full-disclosure] [ GLSA 200509-19 ] PHP: Vulnerabilities in included PCRE and XML-RPC libraries, Thierry Carrez, 18:50
- FreeBSD GNU Mailutils 0.6 imap4d exploit, angelo, 18:30
- [Full-disclosure] Re: [ISR] - Novell GroupWise Client Integer Overflow, Crist J. Clark, 18:10
- Nokia 7610, 3210 denial of service in OBEX., A. Ramos, 17:59
- SEO borad: SQL injection, ghc, 17:49
- ElseNot project, layne, 17:19
- lucidCMS 1.0.11 is susceptible to a cross site scripting attack, x1ngbox, 17:08
- [Full-disclosure] [ISR] - Novell GroupWise Client Integer Overflow, famato, 16:58
- Announce: RSBAC v1.2.5 released, Amon Ott, 16:58
- Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein, Yutaka OIWA, 16:38
- MDKSA-2005:170 - Updated mozilla packages fix multiple vulnerabilities, Mandriva Security Team, 16:27
- [Full-disclosure] [ISR] - Novell GroupWise Client Integer Overflow, famato, 16:27
- Re: "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein, anonymous, 16:07
- [Full-disclosure] [ISR] - Novell GroupWise Client Integer Overflow, Francisco Amato, 13:14
September 24, 2005
- Re: PocketPC exploitation, Jose Morales, 21:25
- Re: PocketPC exploitation, Ratter, 21:25
- [SECURITY] [DSA 817-1] New python2.2 packages fix arbitrary code execution, joey, 16:53
- MailGust 1.9 SQL Injection, retrogod, 16:23
- AlstraSoft E-Friends Remote Command Exucetion, khc, 16:03
- Hijacking Bluetooth Headsets for Fun and Profit?, KF (lists), 15:43
- "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein, Amit Klein (AKsecurity), 15:43
- My Little Forum 1.5 / 1.6beta SQL Injection, retrogod, 15:32
- [Full-disclosure] [ GLSA 200509-17 ] Webmin, Usermin: Remote code execution through PAM authentication, Thierry Carrez, 09:10
- [Full-disclosure] [ GLSA 200509-16 ] Mantis: XSS and SQL injection vulnerabilities, Thierry Carrez, 07:19
September 23, 2005
- [Full-disclosure] help us determine what's a Rita phish, Gadi Evron, 16:32
- [Full-disclosure] Re: Rita Scams Call to Arms - Update, Juha-Matti Laurio, 14:51
- PhpMyFAQ 1.5.1 multiple vulnerabilities, retrogod, 14:41
- Re: Remote File Inclusion in MyGuestbook, security curmudgeon, 14:31
- TSLSA-2005-0051 - clamav, Trustix Security Advisor, 14:01
- Sql injection in jPortal version 2.3.1 (module download), krasza, 13:51
- [Full-disclosure] [USN-186-1] Mozilla and Firefox vulnerabilities, Martin Pitt, 13:00
- [Full-disclosure] Secunia Research: PowerArchiver ACE/ARJ Archive Handling Buffer Overflow, Secunia Research, 11:50
- [Full-disclosure] Secunia Research: 7-Zip ARJ Archive Handling Buffer Overflow, Secunia Research, 07:47
- Re: [Full-disclosure] [scip_Advisory 1746] Microsoft Internet Explorer 6.0 embedded content cross site scripting, tim tompkins, 07:47
- [Full-disclosure] Re: Av, spyware, ddl trojan assesment, Nick FitzGerald, 00:44
September 22, 2005
- Re: [Full-disclosure] [scip_Advisory 1746] Microsoft Internet Explorer 6.0 embedded content cross site scripting, Brion Vibber, 20:12
- [Full-disclosure] Rita Scams Call to Arms - Update, Gadi Evron, 19:32
- [security bulletin] SSRT5998 Rev.2 HP System Management Homepage (v2.0.x) Denial of Service (DoS) and XSS, security-alert, 19:32
- Hack Dot AE v2, SpyHat, 17:10
- My Little Forum 1.5 / 1.6beta SQL Injection, retrogod, 17:00
- [Full-disclosure] [scip_Advisory 1746] Microsoft Internet Explorer 6.0 embedded content cross site scripting, Marc Ruef, 16:49
- [Full-disclosure] Call to Arms: Rita Scams, Gadi Evron, 16:39
- HTTP Request Smuggling - ERRATA (the IIS 48K buffer phenomenon), Amit Klein (AKsecurity), 16:19
- Platinum Secure smartcard security bypass, acidemon, 16:09
- RE: router worms and International Infrastructure [was: Re: IOS exploit], martin, 15:59
- [Full-disclosure] OpenServer 6.0.0 : TCP Remote ICMP Denial Of Service Vulnerabilities, please_reply_to_security, 15:18
- [Full-disclosure] FireFox exploit updated, Berend-Jan Wever, 15:08
- [Full-disclosure] Protty v.01A (beta) - shellcode execution protection library for Windows NT based systems, Piotr Bania, 14:07
- [Full-disclosure] Apple OSX - TextEdit bug, Mella Marco, 12:36
- [Full-disclosure] R: Microsoft IE 5.2.3 Mac OSX crash, Mella Marco, 11:56
- [Full-disclosure] Microsoft IE 5.2.3 Mac OSX crash, Mella Marco, 11:56
- Re: [Full-disclosure] Microsoft IE 5.2.3 for Mac OSX crash, Marco Mella, 10:36
- [Full-disclosure] Microsoft IE 5.2.3 for Mac OSX crash, Marco Mella, 10:25
- [Full-disclosure] Av, spyware, ddl trojan assesment, Sherwyn Williams, 10:25
- [Full-disclosure] Internet Exploiter meets FireFox, Berend-Jan Wever, 06:54
September 21, 2005
- [security bulletin] SSRT5988 rev.1 - HP Tru64 Unix libXpm Remote Denial of Service (DoS) or Execute Privileged Code, security-alert, 21:09
- Re: Paper - How It's Difficult to Ruin a Good Name: An Analysis of Reputational Risk, hodejo1, 20:49
- Upcoming Black Hat events announcement, Jeff Moss, 18:18
- PocketPC exploitation, Jose Morales, 17:58
- [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability, snsadv, 17:47
- [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.7, bugtraq, 17:27
- MDKSA-2005:167 - Updated util-linux packages fix umount vulnerability, Mandriva Security Team, 17:17
- MDKSA-2005:166 - Updated clamv packages fix vulnerabilities, Mandriva Security Team, 17:07
- MDKSA-2005:168 - Updated masqmail packages fix vulnerabilities, Mandriva Security Team, 16:57
- Re: phpBB 2.0.17 remote avatar size bug, Peter Kieser, 16:47
- Re: Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability, please_use_support_form, 16:37
- [Full-disclosure] Paper - How It's Difficult to Ruin a Good Name: An Analysis of Reputational Risk, Kenneth F. Belva, 12:44
- [Full-disclosure] Google Secure Access or "How to have people download a trojan.", Berend-Jan Wever, 07:11
September 20, 2005
- Re: [Full-disclosure] UnixWare 7.1.4 : LibTIFF < 3.72 malformed data code exec, xyberpix, 20:55
- [Full-disclosure] UnixWare 7.1.4 : LibTIFF < 3.72 malformed data code exec, please_reply_to_security, 20:45
- RE: phpBB 2.0.17 remote avatar size bug, Sean Sullivan, 20:45
- mercury imap4 remote BOF exploit ( IHSTeam ), c0d3r, 18:54
- MDKSA-2005:138-1 - Updated cups packages fix vulnerability, Mandriva Security Team, 18:44
- Hesk Session ID Validation Vulnerability, os2a . bto, 18:34
- phpBB 2.0.17 remote avatar size bug, SmOk3, 18:14
- MDKSA-2005:165 - Updated cups packages fix vulnerability, Mandriva Security Team, 18:04
- [security bulletin] SSRT5971 rev.0 - HP Tru64 Unix FTP Daemon (ftpd) Remote Denial of Service (DoS), security-alert, 17:43
- [security bulletin] SSRT5999 rev.0 HP OpenVMS Secure Web Browser Mozilla Application Node Spoofing, security-alert, 17:33
- [Full-disclosure] Re: arc insecure temporary file creation, Joey Schulze, 16:43
- [Full-disclosure] [ GLSA 200509-15 ] util-linux: umount command validation error, Thierry Carrez, 12:40
- [Full-disclosure] [ GLSA 200509-14 ] Zebedee: Denial of Service vulnerability, Thierry Carrez, 12:10
- [Full-disclosure] bacula insecure temporary file creation, Eric Romang / ZATAZ.com, 09:59
- [Full-disclosure] Secunia Research: Opera Mail Client Attachment Spoofing and Script Insertion, Secunia Research, 09:59
- [Full-disclosure] [USN-185-1] CUPS vulnerability, Martin Pitt, 06:27
September 19, 2005
- [Full-disclosure] Re: Cisco IOS hacked?, Kirill Bolshakov, 22:24
- Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability, h4cky0u, 19:32
- Re: [Full-disclosure] Cisco IOS hacked?, ciscoioshehehe, 19:12
- Whitepaper - Writing small shellcode, Dafydd Stuttard, 18:31
- @System Security Conference, Giorgio Zoppi, 18:21
- Re: [Full-disclosure] Cisco IOS hacked?, Andrei Mikhailovsky, 18:11
- Re: PHP Nuke <= 7.8 Multiple SQL Injections, hans, 16:50
- Re: PHP Nuke <= 7.8 Multiple SQL Injections, Paul Laudanski, 16:30
- Re: PHP Nuke <= 7.8 Multiple SQL Injections, Daniel Bonekeeper, 16:20
- Possible memory corruption problems in Apple Safari, Jonathan Rockway, 16:10
- [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.8/9, bugtraq, 15:59
- [Full-disclosure] ERRATA: [ GLSA 200507-20 ] Shorewall: Security policy bypass, koon, 15:49
- [Full-disclosure] [ GLSA 200509-12 ] Apache, mod_ssl: Multiple vulnerabilities, koon, 15:49
- Dumb Question, Sean Warnock, 15:39
- Re: Airscanner Mobile Security Advisory #05082201: File Transfer Anywhere v3.01 Local Server Password Disclosure, 3APA3A, 15:29
- Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability, h4cky0u, 15:19
- router worms and International Infrastructure [was: Re: IOS exploit], Gadi Evron, 14:58
- Antigen 8.0 for Exchange/SMTP Rule Vulnerability, Alan Monaghan, 14:38
- RE: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies, Steven Sturges, 14:28
- RE: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies, Steven Sturges, 14:28
- CuteNews 1.4.0 remote code execution, retrogod, 14:28
- RE: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies, Steven Sturges, 14:28
- CuteNews 1.4.0 remote code execution, retrogod, 14:18
- [Full-disclosure] killbits? should have named them kibbles and bits, Ill will, 13:37
- Whitepaper - Writing small shellcode, Dafydd Stuttard, 12:16
- [Full-disclosure] [USN-184-1] umount vulnerability, Martin Pitt, 09:35
- [Full-disclosure] [ GLSA 200509-13 ] Clam AntiVirus: Multiple vulnerabilities, Thierry Carrez, 06:54
- [Full-disclosure] [ GLSA 200509-12 ] Apache, mod_ssl: Multiple vulnerabilities, Thierry Carrez, 06:44
- [Full-disclosure] Cisco IOS hacked?, ciscoioshehehe, 05:13
September 16, 2005
- [Full-disclosure] Web Application Security Analyzer for PHP-Nuke/phpBB CMS, Paul Laudanski, 23:27
- Re: PHP Nuke <= 7.8 Multiple SQL Injections, Paul Laudanski, 22:06
- CDMA1X Security, pen-test, 21:16
- Re: PHP Nuke <= 7.8 Multiple SQL Injections, Paul Laudanski, 21:05
- Re: worring about YaST in SuSE 9.3 and maybe lower, Marcus Meissner, 21:05
- RE: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox, Juha-Matti Laurio, 21:05
- Greyhats Security back online, pvnick, 20:55
- Re: PHP Nuke <= 7.8 Multiple SQL Injections, Matthias Jim Knopf, 20:45
- Re: PHP SESSION MODIFICATION, David N Murray, 20:25
- TSLSA-2005-0049 - multi, Trustix Security Advisor, 19:45
- [Full-disclosure] Greyhats Security back online, Paul, 18:34
- PHP SESSION MODIFICATION, unknow, 18:04
- Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox, Juha-Matti Laurio, 17:54
- SUSE Security Announcement: evolution (SUSE-SA:2005:054), Ludwig Nussel, 17:44
- SUSE Security Announcement: squid (SUSE-SA:2005:053), Thomas Biege, 17:13
- Re: CastleCops ramps up fight against CoolWebSearch/HomeSearch, Times Enemy, 17:03
- Re: CastleCops ramps up fight against CoolWebSearch/HomeSearch, Paul Laudanski, 16:43
- worring about YaST in SuSE 9.3 and maybe lower, innate, 16:43
- FF IDN buffer overflow workaround works in Netscape too, Juha-Matti Laurio, 16:23
- Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox, milw0rm Inc., 15:02
- RE: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies, Ferguson, Justin (IARC), 13:21
- [Full-disclosure] Message for D1g1t4lLeech ZATAZ Audit has discovered this bug the 2005-09-05 D1g1t4lLeech you are a true Leecher ;), ZATAZ Audits, 12:51
- [Full-disclosure] arc insecure temporary file creation, ZATAZ Audits, 12:51
- [Full-disclosure] ncompress insecure temporary file creation, ZATAZ Audits, 12:51
- [Full-disclosure] gwcc insecure temporary file creation, ZATAZ Audits, 12:20
- [Full-disclosure] (TOOL) TAPiON ver 0.1c, Piotr Bania, 12:00
- Re: AWstats Path Disclosure Vulnerability, Martin Pitt, 04:17
- PTL Advisory 050825 - HP LaserJet Network Username and Information Enumeration, Pinion Lab, 04:07
- Re: AWstats Path Disclosure Vulnerability, cwh01, 03:46
- Airscanner Mobile Security Advisory #05082201: File Transfer Anywhere v3.01 Local Server Password Disclosure, contact, 03:36
- XSS Vulnerability in MIVA Merchant 5 - Includes Fix, admin, 03:16
September 15, 2005
- [Full-disclosure] [FLSA-2005:152919] Updated grip package fixes security issue, Marc Deslauriers, 23:24
- Re: PHP Nuke <= 7.8 Multiple SQL Injections, Paul Laudanski, 20:53
- MDKSA-2005:164 - Updated XFree86/x.org packages fix vulnerability, Mandriva Security Team, 20:43
- RE: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox, Peter Kruse, 20:23
- RE: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies, Ferguson, Justin (IARC), 20:23
- Re: Re: Serious Security issue with broken - Microsoft's .Net XML Serialization API, darkangel . stt, 20:13
- RE: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies, Ferguson, Justin (IARC), 20:13
- Anti Arp Poisoning Daemon (OpenAAPD) PS: Link corrected, Andrea Di Pasquale, 20:03
- RE: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies, Steven Sturges, 19:52
- Re: PHP Nuke <= 7.8 Multiple SQL Injections, evaders99, 19:42
- Re: AWstats Path Disclosure Vulnerability, Fournaux, 19:32
- Oracle Reports: Generic SQL Injection Vulnerability via Lexical References, ak, 19:22
- Online Dating Software by AEwebworks - aeDating Script <= 4.0 Version Vulnerability, alexsrb, 19:22
- CastleCops ramps up fight against CoolWebSearch/HomeSearch, Paul Laudanski, 17:11
- 404 error XSS, Josh Zlatin-Amishav, 17:00
- Remote File Inclusion in MyGuestbook, rod hedor, 16:40
- Is netcraft publishing URL of your intranet sites?, Saqib Ali, 16:40
- Character Manipulation in Online Systems., hackology, 16:10
- Avocent CCM: Port Access Control Bypass Vulnerability, spam, 16:10
- SQL injection & XSS in phpoutsourcing Noah's classifieds, alireza hassani, 15:49
- TWiki Remote Command Execution Vulnerability, Sap ., 15:39
- Airscanner Mobile Security Advisory #05081102: vxFtpSrv 0.9.7 Remote Code Execution Buffer Overflow Vulnerability, contact, 15:29
- DriverStudio Remote Control Authentication Bypass Vulnerability, cocoruder, 15:19
- Airscanner Mobile Security Advisory #05081101: vxWeb v.1.1.4 Denial of Service Vulnerability, contact, 15:19
- Airscanner Mobile Security Advisory #05081203: vxTftpSrv 1.7.0 Remote Code Execution Buffer Overflow Vulnerability, contact, 15:09
- Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution, retrogod, 14:38
- Secunia Research: Ahnlab V3 Antivirus Multiple Vulnerabilities, Secunia Research, 14:38
- [Full-disclosure] gtkdiskfree insecure temporary file creation, ZATAZ Audits, 11:16
- [Full-disclosure] [FLSA-2005:160202] Updated mozilla packages fix security issues, Marc Deslauriers, 00:21
- [Full-disclosure] [FLSA-2005:162680] Updated Zlib packagea fix security issues, Marc Deslauriers, 00:21
- [Full-disclosure] [FLSA-2005:163047] Updated squirrelmail package fixes security issues, Marc Deslauriers, 00:21
- [Full-disclosure] [FLSA-2005:163274] Updated CUPS packages fix security issue, Marc Deslauriers, 00:21
September 14, 2005
- Re: [Full-disclosure] Mozilla / Mozilla Firefox authentication weakness, Juha-Matti Laurio, 22:30
- Re: [Full-disclosure] Mozilla / Mozilla Firefox authentication weakness, Daniel Veditz, 17:47
- Re: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies, Martin Roesch, 16:06
- ATutor 1.5.1 SQL Injection / Admin credentials disclosure / remote code execution, retrogod, 13:45
- RE: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies, Ferguson, Justin (IARC), 12:34
- FW: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies, Ferguson, Justin (IARC), 12:34
- RE: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies, Ferguson, Justin (IARC), 12:34
- [Full-disclosure] Secunia Research: AVIRA Antivirus ACE Archive Handling Buffer Overflow, Secunia Research, 10:43
- [Full-disclosure] Mozilla / Mozilla Firefox authentication weakness, 3APA3A, 10:03
- RE: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox, Peter Kruse, 09:02
- Re: [Snort-users] Snort DoS Fallacies, Martin Roesch, 02:18
- Re: [Snort-users] Snort DoS Fallacies, purplebag, 01:47
September 13, 2005
- Re: [Snort-users] Snort DoS Fallacies, Martin Roesch, 22:23
- Re: [Snort-users] Snort DoS Fallacies, Martin Roesch, 22:23
- Re: [Snort-users] Snort DoS Fallacies, Martin Roesch, 22:23
- RE: [Snort-users] Snort DoS Fallacies, Ferguson, Justin (IARC), 22:03
- [Full-disclosure] security at netscape.org says Error 550, Juha-Matti Laurio, 20:12
- Re: [Snort-users] Snort DoS Fallacies, Martin Roesch, 20:01
- Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox, Juha-Matti Laurio, 19:51
- [Full-disclosure] iDEFENSE Security Advisory 09.13.05: Linksys WRT54G Router Remote Administration apply.cgi Buffer Overflow Vulnerability, iDEFENSE Labs, 19:51
- [Full-disclosure] iDEFENSE Security Advisory 09.13.05: Linksys WRT54G 'upgrade.cgi' Firmware Upload Design Error Vulnerability, iDEFENSE Labs, 19:41
- [Full-disclosure] iDEFENSE Security Advisory 09.13.05: Linksys WRT54G Management Interface DoS Vulnerability, iDEFENSE Labs, 19:41
- [Full-disclosure] iDEFENSE Security Advisory 09.13.05: Linksys WRT54G 'restore.cgi' Configuration Modification Design Error Vulnerability, iDEFENSE Labs, 19:41
- [Full-disclosure] iDEFENSE Security Advisory 09.13.05: Linksys WRT54G Router Remote Administration Fixed Encryption Key Vulnerability, iDEFENSE Labs, 19:31
- Re: Serious Security issue with broken - Microsoft's .Net XML Serialization API, Rohit, 18:50
- Serious Security issue with broken - Microsoft's .Net XML Serialization API, Rohit, 15:18
- Re: anti Windows XP SP2 firewall trick, Ansgar -59cobalt- Wiechers, 15:07
- MDKSA-2005:163 - Updated MySQL packages fix vulnerability, Mandriva Security Team, 14:57
- MDKSA-2005:162 - Updated squid packages fix vulnerabilities, Mandriva Security Team, 14:47
- Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability, h4cky0u, 14:37
- AzDGDatingLite V 2.1.3 remote code execution, retrogod, 14:11
- [Full-disclosure] btscanner 2.0 released, bluetooth, 13:47
- [Snort-users] Snort DoS Fallacies, Ferguson, Justin (IARC), 13:14
- [Full-disclosure] Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability (Updated), h4cky0u, 11:58
- [Full-disclosure] [USN-183-1] Squid vulnerabilities, Martin Pitt, 10:37
- [Full-disclosure] Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability, h4cky0u, 10:27
September 12, 2005
- [OpenPKG-SA-2005.021] OpenPKG Security Advisory (squid), OpenPKG, 20:20
- util-linux: unintentional grant of privileges by umount, David Watson, 19:59
- PHP Nuke <= 7.8 Multiple SQL Injections, r . verton, 18:49
- [Full-disclosure] [ GLSA 200509-08 ] Python: Heap overflow in the included PCRE library, Thierry Carrez, 18:39
- SUSE Security Announcement: apache2 (SUSE-SA:2005:051), Thomas Biege, 17:38
- Security Flaw in pam_per_user Module, Mark D. Roth, 16:47
- Sawmill XSS vuln, Mark Terry, 16:37
- [Full-disclosure] [ GLSA 200509-07 ] X.Org: Heap overflow in pixmap allocation, Thierry Carrez, 14:06
- [Full-disclosure] [USN-83-2] LessTif 1 vulnerabilities, Martin Pitt, 13:55
- [Full-disclosure] [USN-182-1] X server vulnerability, Martin Pitt, 12:35
- [Full-disclosure] [USN-181-1] Mozilla products vulnerability, Martin Pitt, 12:35
- [Full-disclosure] FireFox "Host:" Buffer Overflow is not just exploitable on FireFox, Berend-Jan Wever, 00:19
September 10, 2005
- Re: [Full-disclosure] Revised paper on "ICMP attacks against TCP", Łukasz Bromirski, 20:07
- Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit, Przemyslaw Frasunek, 15:55
- Re: [Full-disclosure] Revised paper on "ICMP attacks against TCP", Florian Weimer, 13:13
- [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit, Berend-Jan Wever, 13:03
- RE: [Full-disclosure] Revised paper on "ICMP attacks against TCP", Fernando Gont, 10:42
September 09, 2005
- FreeBSD Security Advisory FreeBSD-SA-05:20.cvsbug [REVISED], FreeBSD Security Advisories, 19:15
- Re[2]: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine, Alejandro Barrera, 19:05
- Re: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine, Piotr Bania, 18:45
- class-1 Forum Software v 0.24.4 Remote code execution, retrogod, 18:25
- KillProcess 2.20 and priors "FileDescription" Local Buffer Overflow Issue, fRoGGz, 18:15
- Zebedee DoS Vulnerability, Shiraishi.M, 18:15
- Cj Desing Three Aplications One Bug, psymera, 18:05
- KillProcess 2.20 and priors "FileDescription" Local Buffer Overflow Issue, fRoGGz, 18:05
- Re: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine, Alejandro Barrera, 18:05
- TSLSA-2005-0047 - multi, Trustix Security Advisor, 17:35
- [Full-disclosure] iDEFENSE Security Advisory 09.09.05: GNU Mailutils 0.6 imap4d 'search' Format String Vulnerability, iDEFENSE Labs, 15:00
- [Full-disclosure] 3 minor vulnerabilities in IPSwitch products, CIRT.DK Advisory, 13:59
- [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine, Piotr Bania, 13:39
- [Full-disclosure] [USN-179-1] openssl weak default configuration, Martin Pitt, 13:29
- [Full-disclosure] [USN-178-1] Linux kernel vulnerabilities, Martin Pitt, 08:36
September 07, 2005
- anti Windows XP SP2 firewall trick, crusoe, 19:08
- RE: FileZilla weakly-encrypted password vulnerability: advisory + PoC, MacIntyre, Lawrence Paul, 17:27
- RE: FileZilla weakly-encrypted password vulnerability: advisory + PoC, Mark Senior, 17:17
- [NewAngels Advisory #5] Stylemotion WEB//NEWS 1.4 Vulnerabilities, r . verton, 16:46
- Rule bypassing in CheckPoint NGX R60, fitz, 16:26
- Re: Microsoft Windows keybd_event validation vulnerability, galacticjello, 16:16
- MDKSA-2005:156 - Updated ntp packages fix small security-related issue., Mandriva Security Team, 16:06
- MDKSA-2005:157 - Updated smb4k packages fix vulnerabilities, Mandriva Security Team, 15:56
- MDKSA-2005:158 - Updated mplayer packages fix vulnerabilities, Mandriva Security Team, 15:46
- [Full-disclosure] [ Suresec Advisories ] - Kcheckpass file creation vulnerability, Suresec Advisories, 15:46
- WebArchiveX - Unsafe Methods Vulnerability, Brett Moore, 15:36
- PBLang 4.65 (possibly prior versions) remote code execution, retrogod, 15:26
- MDKSA-2005:159 - Updated kdeedu packages fix tempfile vulnerability, Mandriva Security Team, 15:26
- MDKSA-2005:160 - Updated kdebase packages fix potential local root vulnerability, Mandriva Security Team, 15:16
- SQL Injection[2] In MyBB PR2, stranger-killer, 14:45
- Vulnerability In SecureOL VE2 v1.05.1008, maxim, 14:35
- FreeBSD Security Advisory FreeBSD-SA-05:20.cvsbug, FreeBSD Security Advisories, 14:25
- [Full-disclosure] [ GLSA 200509-06 ] Squid: Denial of Service vulnerabilities, Sune Kloppenborg Jeppesen, 14:05
- [Full-disclosure] Re: Microsoft Windows keybd_event validation vulnerability, Ansgar -59cobalt- Wiechers, 10:03
- Re: [Full-disclosure] Microsoft Windows keybd_event validation vulnerability, cy.wang, 08:42
- [Full-disclosure] USN-160-2: Apache vulnerability, Martin Pitt, 06:11
- [Full-disclosure] [USN-177-1] Apache 2 vulnerabilities, Martin Pitt, 05:11
- [Full-disclosure] [USN-176-1] kcheckpass vulnerability, Martin Pitt, 05:01
- Vulnerability in myBloggie 2.1.3-beta and prior, os2a . bto, 04:31
- (Annex A) ADSL Road Runner Exploit Description & Theory, gp32boy, 04:10
- [SECURITY] [DSA 795-2] Updated i386 proftpd packages fix format string vulnerability, Michael Stone, 02:40
- Update: Realchat user impersonation - BSA 200506110001, Andreas Beck, 02:19
- [security bulletin] SSRT051023 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access, security-alert, 01:59
- USB Lock Auto-Protect v1.5 - Local Password Encryption Weakness, unsecure, 01:39
- [OpenPKG-SA-2005.018] OpenPKG Security Advisory (pcre), OpenPKG, 01:19
- [OpenPKG-SA-2005.019] OpenPKG Security Advisory (openssh), OpenPKG, 00:38
September 06, 2005
- phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting, retrogod, 23:38
- Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC, medhead, 23:07
- [NewAngels Advisory] aMember Pro 2.3.X - Remote File Include Vulnerability, 4Degrees, 22:57
- Re: FileZilla weakly-encrypted password vulnerability, Luigi Auriemma, 22:47
- [OpenPKG-SA-2005.017] OpenPKG Security Advisory (modssl), OpenPKG, 22:37
- Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC, Nicholas Knight, 22:27
- SUSE Security Announcement: php4, php5 remote code execution (SUSE-SA:2005:051), Marcus Meissner, 22:17
- Multiple vulnerabilities in FreeBSD 'urban', Shaun Colley, 22:17
- Land Down Under 'events.php' Cross Site Scripting Vulnerability, conor . e . buckley, 22:07
- UNB 1.5.3 cross site scripting, retrogod, 21:56
- PHP-Nuke, bhfh, 21:46
- Re: CMS Made Simple <= 0.10 - PHP injection, garaged, 21:46
- Re: FileZilla weakly-encrypted password vulnerability: advisory + PoC, Nick Boyce, 21:36
- [OpenPKG-SA-2005.020] OpenPKG Security Advisory (proftpd), OpenPKG, 20:16
- RE: Computer forensics to uncover illegal internet use, dave kleiman, 19:56
- [KDE Security Advisory] kcheckpass local root vulnerability, Dirk Mueller, 19:15
- IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV, inge . henriksen, 19:05
- I have discovered small xss error in open webmail 2.41, s3cure, 18:55
- [NOBYTES.COM: #11] MidiCart ASP Shopping Cart, Evaluation Version 7 & Standard & Pro - Multiple Vulnerabilities, John Cobb, 18:45
- MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution / cross site scripting / path disclosure, retrogod, 18:45
- [Full-disclosure] [ GLSA 200509-05 ] Net-SNMP: Insecure RPATH, Thierry Carrez, 12:11
- [Full-disclosure] Re: Microsoft Windows keybd_event validation vulnerability, Dave Korn, 11:51
- [Full-disclosure] [ GLSA 200509-04 ] phpLDAPadmin: Authentication bypass, Thierry Carrez, 11:41
- [Full-disclosure] Secunia Research: SqWebMail Conditional Comments Script Insertion Vulnerability, Secunia Research, 09:40
- Re: [Full-disclosure] Microsoft Windows keybd_event validation vulnerability, Jerome Athias, 09:40
- [Full-disclosure] Microsoft Windows keybd_event validation vulnerability, Frederic Charpentier, 09:09
- [Full-disclosure] [USN-145-2] wget bug fix, Martin Pitt, 06:49
September 03, 2005
- FileZilla weakly-encrypted password vulnerability: advisory + PoC, [#*at*#], 18:03
- [Full-disclosure] RE: Computer forensics to uncover illegal internet use, Craig, Tobin (OIG), 13:21
- [Full-disclosure] [ GLSA 200509-02 ] Gnumeric: Heap overflow in the included PCRE library, Thierry Carrez, 07:29
- [Full-disclosure] RE: Computer forensics to uncover illegal internet use, dave kleiman, 01:06
- [Full-disclosure] Re: Computer forensics to uncover illegal internet use, Jason Coombs, 01:06
September 01, 2005
- RE: Re: secure client-side platform, Mark Senior, 21:34
- Re: secure client-side platform, Keith Oxenrider, 21:24
- Re: secure client-side platform, devnull, 20:44
- SUSE Security Announcement: kernel multiple security problems (SUSE-SA:2005:050), Marcus Meissner, 19:54
- [security bulletin] SSRT051005 rev.1 - HP ProLiant DL585 Servers Unauthorized Remote Access, Boren, Rich (HP SSRT), 18:13
- re: Ariba Spend Management System, gerald626, 18:03
- Re: Vulnerability in Symantec Anti Virus Corporate Edition v9.x, Colin, 17:32
- [Full-disclosure] [USN-175-1] ntp server vulnerability, Martin Pitt, 17:22
- File aribitary read access in frox, un4m31, 17:22
- Re: secure client-side platform, liudieyu, 17:12
- SimplePHPBlog Arbitrary File Deletion and Sample Exploit, 'ken'@FTU, 17:12
- [SecuriWeb.2005.1] - Barracuda SPAM firewall advisory, Francois Harvey, 17:02
- RE: Ariba password exposure vulnerability, Craig Kennedy, 16:52
- UMN gopher[v3.0.9+] multiple(2) client buffer overflows., v9, 16:41
- Adobe Version Cue exploits., v9, 16:31
- RE: Vulnerability in Symantec Anti Virus Corporate Edition v9.x, James C Slora Jr, 16:11
- [Full-disclosure] CYBSEC - Multiple Vendor Web Vulnerability Scanner Arbitrary Script Injection Vulnerability, Mariano Nuñez Di Croce, 13:49
- [Full-disclosure] iDEFENSE Security Advisory 09.01.05: Novell NetMail IMAPD Command Continuation Request Heap Overflow, iDEFENSE Labs, 13:49
- [Full-disclosure] iDEFENSE Security Advisory 09.01.05: 3Com Network Supervisor Directory Traversal Vulnerability, iDEFENSE Labs, 13:49
- Re: Vulnerability in Symantec Anti Virus Corporate Edition v9.x], secure, 11:38
- [Full-disclosure] silc server and toolkit insecure temporary file creation, Eric Romang / ZATAZ.com, 11:28
- [Full-disclosure] [ GLSA 200509-01 ] MPlayer: Heap overflow in ad_pcm.c, Thierry Carrez, 09:57