Network Security Archives

Bugtraq (date)

[Thread Index] [Top] [All Lists]

October 31, 2005

APPLE-SA-2005-10-31 Mac OS X v10.4.3, noreply, 20:48
Re: uplod phpshell in PHP Advanced Transfer Manager, D_BuG, 20:07
SQL IN FORUM.PHP, ABDUCTER_MINDS, 19:57
mwcollect v3.0.0 Release, Georg Wicherski, 19:47
SQL In Invision Gallery 2.0.3, almaster, 19:37
OpenVPN[v2.0.x]: foreign_option() formart string vulnerability., v9, 19:07
[Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Matthew Murphy, 18:46
Re: [Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Florian Weimer, 17:26
Re: [Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Stefan Esser, 17:16
Re: [Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Florian Weimer, 17:16
[Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Matthew Murphy, 17:05
[Full-disclosure] phpbb 2.0.18 release, Paul Laudanski, 17:05
[Full-disclosure] Re: Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Matthew Murphy, 15:26
New List, David Ahmad, 14:05
[Full-disclosure] Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability, Stefan Esser, 11:09
[Full-disclosure] Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str(), Stefan Esser, 11:09
[Full-disclosure] Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(), Stefan Esser, 11:09
[Full-disclosure] Security, Hacking & Social Engineering Presentation., Emmanuel Goldstein, 09:28

October 30, 2005

[Full-disclosure] Advisory 17/2005: phpBB Multiple Vulnerabilities, Stefan Esser, 21:53
[Full-disclosure] [ GLSA 200510-26 ] XLI, Xloadimage: Buffer overflow, Sune Kloppenborg Jeppesen, 15:10
[Full-disclosure] [ GLSA 200510-25 ] Ethereal: Multiple vulnerabilities in protocol dissectors, Sune Kloppenborg Jeppesen, 14:20

October 29, 2005

uplod phpshell in PHP Advanced Transfer Manager, sQl, 23:13
Mirabilis ICQ 2003a Buffer Overflow Download Shellcoded Exploit, atmaca, 23:13
Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through, Andrey Bayora, 23:03
Re: Remote File Inclusion in forum PunBB, arpen, 22:53
Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images, preben, 22:53
Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through, mgotts, 22:43
Re: Network Appliance iSCSI Authentication Bypass, steve . shockley, 22:33
Re: Network Appliance iSCSI Authentication Bypass, Steve Shockley, 22:23
Remote MySQL User on Cpanel Default installation with blank password, sup3r_linux, 21:42
Re: Mozilla Thunderbird SMTP down-negotiation weakness, Jason Haar, 21:32
Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through forged magic byte, Williams, James K, 21:22
Re: Mozilla Thunderbird SMTP down-negotiation weakness, Bob Beck, 21:22
Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through, Dave English, 21:12
Remote File Inclusion in vCard :), [AT], 20:52
[Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., Paul Laudanski, 20:32
[Full-disclosure] Trend Micro's Response to the Magic Byte Bug, Auri Rahimzadeh, 13:18

October 28, 2005

[Full-disclosure] [USN-206-2] Fixed lynx packages for USN-206-1, Martin Pitt, 22:42
[Full-disclosure] [USN-151-3] zlib vulnerabilities, Martin Pitt, 20:51
File Including In PBLang, abducter_minds, 20:11
Re: [ GLSA 200510-23 ] TikiWiki: XSS vulnerability, dave canuck, 19:41
Re: [ GLSA 200510-23 ] TikiWiki: XSS vulnerability, Thierry Carrez, 19:30
[Full-disclosure] iDefense Security Advisory 10.28.05: Multiple Vendor chmlib CHM File Handling Buffer Overflow Vulnerability, iDEFENSE Labs, 18:20
[Full-disclosure] [USN-213-1] sudo vulnerability, Martin Pitt, 18:10
[Full-disclosure] [USN-212-1] libgda2 vulnerability, Martin Pitt, 17:59
MDKSA-2005:200 - Updated apache-mod_auth_shadow packages fix security restriction bypass issues., Mandriva Security Team, 14:47
MDKSA-2005:201 - Updated sudo packages fix vulnerability, Mandriva Security Team, 14:17
[ GLSA 200510-23 ] TikiWiki: XSS vulnerability, Thierry Carrez, 14:17
Re: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte, Bipin Gautam, 14:16
[Full-disclosure] [ GLSA 200510-24 ] Mantis: Multiple vulnerabilities, Thierry Carrez, 14:16
[Full-disclosure] [ GLSA 200510-22 ] SELinux PAM: Local password guessing attack, Thierry Carrez, 14:16
[Full-disclosure] Multiple vulnerabilities within RockLiffe MailSite Express WebMail, Paul Craig, 14:16

October 27, 2005

Secunia Research: ATutor Multiple Vulnerabilities, Secunia Research, 14:40
fetchmail security announcement 2005-02 (CVE-2005-3088), ma+nomail, 14:00
Re: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., Nicob, 13:30
[Full-disclosure] [CIRT.DK] - Novell ZENworks Patch Management Server 6.0.0.52 - SQL injection, CIRT.DK Advisory, 13:30
[VulnWatch] fetchmail security announcement 2005-02 (CVE-2005-3088), ma+nomail, 12:59
Re: [Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability, SEC Consult Research, 12:39
Re: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., Tatercrispies, 12:19
[Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., Nicob, 11:48
Re: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte, Eygene A. Ryabinkin, 10:38
Re: [Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability, Florian Weimer, 06:36
Re: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte, Andrey Bayora, 05:36
RE: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte, Debasis Mohanty, 02:04
MDKSA-2005:199 - Updated netpbm packages fix pnmtopng vulnerabilities, Mandriva Security Team, 01:24
PHP-Nuke Cross-Site Scripting Vulnerability, bhfh01, 01:14
MDKSA-2005:196 - Updated perl-Compress-Zlib packages fix vulnerabilities, Mandriva Security Team, 00:43
MDKSA-2005:194 - Updated php-imap packages fix buffer overflow vulnerabilities., Mandriva Security Team, 00:23

October 26, 2005

Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through, Andreas Marx, 23:43
MDKSA-2005:186-1 - Updated lynx packages fix remote buffer overflow, Mandriva Security Team, 23:33
Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through, Andrey Bayora, 23:03
MDKSA-2005:197 - Updated unzip packages fix suid, permissions vulnerabilities., Mandriva Security Team, 22:43
MDKSA-2005:195 - Updated squid packages fix vulnerabilities, Mandriva Security Team, 22:12
MDKSA-2005:198 - Updated uim packages fix suid linking vulnerabilities., Mandriva Security Team, 21:52
MDKSA-2005:193-1 - Updated ethereal packages fix multiple vulnerabilities, Mandriva Security Team, 21:42
Re: Mozilla Thunderbird SMTP down-negotiation weakness, Tony Finch, 19:10
[KAPDA::#9] Techno Dreams Scripts Vulnerabilities, advisory, 18:40
[Full-disclosure] Update for the magic byte bug, Andrey Bayora, 17:49
Looking for security contacts at Sony and Lenovo (FKA IBM), Richard M. Smith, 16:59
SQL-Injection in MyBulletinBoard allows attacker to become a board admin., Animal, 15:48
Re: Mozilla Thunderbird SMTP down-negotiation weakness, Jason Haar, 15:18
Secunia Research: Mantis "t_core_path" File Inclusion Vulnerability, Secunia Research, 15:18
Woltlab Burning Board info_db.php multiple SQL injection, admin, 15:08
Looking for a security contact at Macrovision/InstallShield, Richard M. Smith, 14:48
MDKSA-2005:193 - Updated ethereal packages fix multiple vulnerabilities, Mandriva Security Team, 14:38
SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all versions vulnerable), sikikmail, 00:21

October 25, 2005

Network Appliance iSCSI Authentication Bypass, advisories, 22:40
Re: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte, Andrey Bayora, 22:30
RE: Possible Bug in PHP-Fusion 6.0.204, Paul, 21:39
Mozilla Thunderbird SMTP down-negotiation weakness, Thomas Henlich, 21:09
[Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., Tatercrispies, 20:19
RE: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte, Debasis Mohanty, 19:48
[Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., Paul Laudanski, 19:48
Re: [Full-disclosure] phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., Tatercrispies, 19:38
[Full-disclosure] phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., Paul Laudanski, 19:27
[SNS Advisory No.85] XOOPS Multiple Cross-site Scripting Vulnerabilities, snsadv, 19:07
[Full-disclosure] SEC-Consult SA 20051025-1 :: RSA ACE Web Agent XSS, Bernhard Mueller, 18:17
[Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability, Bernhard Mueller, 18:17
Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through, Andrey Bayora, 16:56
DboardGear - uncorrect import themes (SQL-inject), poizon, 16:16
[Full-disclosure] Skype security advisory, . EADS CCR DCR/STI/C, 15:45
[Full-disclosure] PHP iCalendar CSS, ascii, 11:53
[Full-disclosure] [ GLSA 200510-21 ] phpMyAdmin: Local file inclusion and XSS vulnerabilities, Thierry Carrez, 10:13
[Full-disclosure] [ GLSA 200510-20 ] Zope: File inclusion through RestructuredText, Thierry Carrez, 09:52
[Full-disclosure] Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through forged magic byte, Andrey Bayora, 01:29

October 24, 2005

Flat Nuke Cross Site Scripting, alex, 21:26
[Full-disclosure] iDEFENSE Security Advisory 10.24.05: SCO Unixware Setuid ppp prompt Buffer Overflow Vulnerability, iDEFENSE Labs, 21:16
Nuked klan 1.7: SQL vulnerability, papipsycho, 21:16
[Full-disclosure] iDEFENSE Security Advisory 10.24.05: SCO Openserver authsh 'Home' Buffer Overflow Vulnerability, iDEFENSE Labs, 21:16
[Full-disclosure] iDEFENSE Security Advisory 10.24.05: SCO Openserver backupsh 'Home' Buffer Overflow Vulnerability, iDEFENSE Labs, 21:16
Nuked klan 1.7: Remote Exploit, papipsycho, 20:36
Zomplog Script Injection Vulnerability =>3.4 (all versions vulnerable), sikikmail, 20:05
File Including In FLAT NUKE, abducter_minds, 19:55
SQL saphp Lesson, almaster, 19:55
[KAPDA::#8] Domain Manager Pro Vulnerability, advisory, 19:35
aRCHILLES Newsworld < 1.5.0-rc1 Multiple Vulnerabilities, chburchert, 19:15
Possible Bug in PHP-Fusion 6.0.204, peanut, 19:05
[security bulletin] SSRT051055 rev.0 - HP Oracle for OpenView (OfO) Critical Patch Update October 2005, security-alert, 18:25
Insecure Temporary Files in BMC/Control-M Agent, Scott Cromar, 17:24
Nuked klan 1.7: Bypassed level admin on forum(corrected), papipsycho, 17:14
TSLSA-2005-0059 - multi, Trustix Security Advisor, 17:04
Remote File Inclusion in forum PunBB, rod hedor, 16:13
phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit., alphakgen, 16:03
PhpNuke 7.8 with all security fixes/patches "Your_Account", "Downloads", "Web Links" SQL Injection / Remote commans execution, retrogod, 15:52
SUSE Security Announcement: permissions (SUSE-SA:2005:062), Ludwig Nussel, 15:32
DBoardGear SQL Injection, almaster, 15:32
DCP - portal XSS & SQL attacks, alex, 15:22
[Full-disclosure] Revised draft on ICMP attacks, Fernando Gont, 15:12
[Full-disclosure] php < 4.4.1 htaccess apache dos, Eric Romang / ZATAZ.com, 15:11
[Full-disclosure] vhost enumeration, unknown unknown, 15:11
[Full-disclosure] Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability, Stefan Esser, 15:11
[Full-disclosure] [ GLSA 200510-19 ] cURL: NTLM username stack overflow, Thierry Carrez, 15:11
Windows UMPNPMGR wsprintfW Stack Buffer Overflow Vulnerability PoC, ppwd25, 15:10
[security bulletin] SSRT051052 rev.1 - HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE) Remote Privileged Access, security-alert, 15:10
[SNS Advisory No.84] Oracle Application Server HTTP Response Splitting Vulnerability, snsadv, 15:10
MDKSA-2005:192 - Updated xli packages fix buffer overflow vulnerabilities., Mandriva Security Team, 15:10
MDKSA-2005:191 - Updated ruby packages fix safe level and taint flag protections vulnerability, Mandriva Security Team, 15:10
MDKSA-2005:190 - Updated nss_ldap/pam_ldap packages fix privilege vulnerabilities., Mandriva Security Team, 15:10
MDKSA-2005:189 - Updated imap packages fix buffer overflow vulnerabilities., Mandriva Security Team, 15:10
Nuked klan 1.7: XSS vulnerability, papipsycho, 15:10
MDKSA-2005:188 - Updated graphviz packages fix temporary file vulnerability., Mandriva Security Team, 15:10
MDKSA-2005:187 - Updated dia packages fix python SVG import vulnerability., Mandriva Security Team, 15:10
[Argeniss] Story of a dumb patch (Paper advisoryabout CSRSS and Windows Explorer vulnerabilities), Cesar, 15:10
[Full-disclosure] F.E.A.R. 1.01 likes lithsock, Luigi Auriemma, 15:10
[Full-disclosure] Secunia Research: ZipGenius Multiple Archive Handling Buffer Overflow, Secunia Research, 15:09
[Full-disclosure] SEC-CONSULT-SA-20051021-0: Yahoo/MSIE XSS, Bernhard Mueller, 15:09
[Full-disclosure] OpenServer 5.0.7 : authsh and backupsh buffer overflow, please_reply_to_security, 15:09
[Full-disclosure] UnixWare 7.1.4 UnixWare 7.1.3 : ppp buffer overflow, please_reply_to_security, 15:09
[Full-disclosure] iDEFENSE Security Advisory 10.20.05: Symantec Norton AntiVirus DiskMountNotify Local Privilege Escalation, iDEFENSE Labs, 15:09
[Full-disclosure] iDEFENSE Security Advisory 10.20.05: Symantec Norton AntiVirus LiveUpdate Local Privilege Escalation, iDEFENSE Labs, 15:09
[Full-disclosure] iDEFENSE Security Advisory 10.20.05: Multiple Vendor Ethereal srvloc Buffer Overflow Vulnerability, iDEFENSE Labs, 15:09
Vulnerabilities in Oracle E-Business Suite 11i - Critical Patch Update October 2005, Integrigy Security, 15:08
Oracle Workflow CSS Vulnerability wf_route, ak, 15:08
Oracle Workflow CSS Vulnerability wf_monitor, ak, 15:08
Oracle 10g - emagent.exe Stack-Based Overflow, SPI Labs, 15:08
XSS & Path Disclosure in Chipmunk's products, alireza hassani, 15:08
RE: CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability, Williams, James K, 15:08
[security bulletin] SSRT051052 rev.0 - HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE) Remote Privileged Access, security-alert, 15:08
[Full-disclosure] [USN-211-1] Enigmail vulnerability, Martin Pitt, 15:08
[Full-disclosure] [ GLSA 200510-18 ] Netpbm: Buffer overflow in pnmtopng, Thierry Carrez, 15:08
[Full-disclosure] [ GLSA 200510-17 ] AbiWord: New RTF import buffer overflows, Thierry Carrez, 15:08
cacam_logsecurity_win32 exploit published on 20051018 by Metasploit, Williams, James K, 15:07
SecurityAlert SA025 : PHPNuke Remote Directory Traversal, sp3x, 15:07
Re: Windows host based firewall tester, Morten Torstensen, 15:07
Re: [KAPDA::#6] Punbb SQL Injection Vulnerability, alireza hassani, 15:07
SUSE Security Announcement: openSSL protocol downgrade attack (SUSE-SA:2005:061), Marcus Meissner, 15:07
Metasploit Framework v2.5, H D Moore, 15:07
Revision: Multiple Critical and High Vulnerabilities in Oracle Database Server, David Litchfield, 15:07
[Full-disclosure] paros proxy v3.2.5 and below blank "sa" password, Andrew Christensen, 15:06
Re: Require many large corporate emails for contact regarding vulnerability., dcrab, 15:06
Multiple Critical and High Vulnerabilities in Oracle Database Server, NGSSoftware Insight Security Research, 15:05
Windows host based firewall tester, Tim, 15:05
Re: [KAPDA::#6] Punbb SQL Injection Vulnerability, arpen, 15:05
Linksys WRT54G/S Directory Traversal, Shell, 15:05
e107 remote commands execution, retrogod, 15:05
NetFlow Analyzer 4 XSS Vulnerability, why, 15:05
MDKSA-2005:186 - Updated lynx packages fix remote buffer overflow, Mandriva Security Team, 15:05
SECURECon 2006 Call for papers!, Will Belcher, 15:05
Re: [Full-disclosure] Ciscos VPN-Client-Passwords can be decrypted, Clayton Kossmeyer, 15:05
[Full-disclosure] Secunia Research: MySource Cross-Site Scripting and File Inclusion Vulnerabilities, Secunia Research, 15:05
[Full-disclosure] [USN-210-1] netpbm vulnerability, Martin Pitt, 14:59

October 18, 2005

Re: [Full-disclosure] [USN-208-1] SSH server vulnerability, Martin Pitt, 05:35

October 17, 2005

Re: [Full-disclosure] Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service, Paul Laudanski, 23:22
winrar 3.50 Exploit, edward11, 21:11
Re: Aenovo Multiple Vulnerabilities (Patch), ali202, 21:01
PHP local safedir restriction bypass, slythers, 20:30
Yahoo RSS XSS Vulnerability, alljer, 20:20
[OpenPKG-SA-2005.022] OpenPKG Security Advisory (openssl), OpenPKG, 19:50
ie7 will have more mechanisms, liudieyu, 19:20
SUSE Security Announcement: OpenWBEM (SUSE-SA:2005:060), Sebastian Krahmer, 19:09
Yahoo RSS XSS Vulnerability (Correction), alljer, 18:49
[Full-disclosure] [USN-208-1] SSH server vulnerability, Martin Pitt, 14:57
[Full-disclosure] [ GLSA 200510-16 ] phpMyAdmin: Local file inclusion vulnerability, Sune Kloppenborg Jeppesen, 13:26
[Full-disclosure] [ GLSA 200510-15 ] Lynx: Buffer overflow in NNTP processing, Sune Kloppenborg Jeppesen, 13:26
[Full-disclosure] [USN-208-1] graphviz vulnerability, Martin Pitt, 11:35
[Full-disclosure] [USN-207-1] PHP vulnerability, Martin Pitt, 08:44
[Full-disclosure] [USN-206-1] Lynx vulnerability, Martin Pitt, 08:04
[Full-disclosure] flexbackup default config insecure temporary file creation, ZATAZ Audits, 07:43
[Full-disclosure] [ GLSA 200510-14 ] Perl, Qt-UnixODBC, CMake: RUNPATH issues, Thierry Carrez, 06:33
[Full-disclosure] Lynx Remote Buffer Overflow, Ulf Harnhammar, 03:32

October 16, 2005

[Full-disclosure] Ciscos VPN-Client-Passwords can be decrypted, Thierry Zoller, 17:46
[Full-disclosure] Exploiting Windows Device Drivers Whitepaper, Piotr Bania, 06:12

October 15, 2005

Re: Google Talk cleartext proxy credentials vulnerability, 3APA3A, 18:36
MDKSA-2005:185 - Updated koffice packages fix KWord RTF import overflow vulnerability, Mandriva Security Team, 16:35
Security Contacr for Mycall, Fixer, 15:55
[KAPDA::#6] Punbb SQL Injection Vulnerability, advisory, 15:45
[Full-disclosure] [ GLSA 200510-13 ] SPE: Insecure file permissions, Thierry Carrez, 08:22

October 14, 2005

MDKSA-2005:184 - Updated cfengine packages fix temporary file vulnerabilities, Mandriva Security Team, 21:07
Trusted Digital, Trusted Mobility Suite Authorization Bypass Vulnerability, none, 19:46
CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability, Williams, James K, 18:55
MDKSA-2005:183 - Updated wget packages fix NTLM authentication vulnerability, Mandriva Security Team, 17:55
Gallery 2.x Remote File Access Vulnerability, Bharat Mediratta, 17:45
Airscanner Mobile Security Advisory #05101001: iTunes Shared Music Denial of Service/Spoofing/Flooding/Abuse, Seth Fogie, 17:15
MDKSA-2005:182 - Updated curl packages fix NTLM authentication vulnerability, Mandriva Security Team, 17:05
Re: Antivirus detection bypass by special crafted archive., Williams, James K, 16:55
Google Talk cleartext proxy credentials vulnerability, m123303, 16:34
RTasarim WebAdmin modul SQL injection, khc, 16:24
[Full-disclosure] [USN-205-1] Curl and wget vulnerabilities, Martin Pitt, 11:52
[Full-disclosure] [USN-204-1] SSL library vulnerability, Martin Pitt, 06:19
[Full-disclosure] [ GLSA 200510-12 ] KOffice, KWord: RTF import buffer overflow, Sune Kloppenborg Jeppesen, 03:48

October 13, 2005

[security bulletin] SSRT5975 HP-UX Running on Itanium Platforms Local Denial of Service (DoS), Security Alert, 21:35
[security bulletin] SSRT051041 rev.1 - HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS), security-alert, 20:54
Secunia Research: AhnLab V3 Antivirus ALZ/UUE/XXE Archive Handling Buffer Overflow, Secunia Research, 16:12
[Full-disclosure] iDEFENSE Security Advisory 10.13.05: Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability, iDEFENSE Labs, 15:42
[Full-disclosure] iDEFENSE Security Advisory 10.13.05: Multiple Vendor XMail 'sendmail' Recipient Buffer Overflow Vulnerability, iDEFENSE Labs, 15:31
Yapig: XSS / Code Injection Vulnerability, enji, 14:11
[Full-disclosure] [USN-203-1] Abiword vulnerabilities, Martin Pitt, 13:10
[Full-disclosure] Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service, Piotr Bania, 11:39
Re: Cenzic NASL plugins, Michael Boman, 11:19
honeypot and honeynet as IDS, Krish Mehak, 05:27

October 12, 2005

ZDI-05-001: VERITAS NetBackup Remote Code Execution, zdi-disclosures, 21:13
Re: VoIP-Phones: Weakness in proccessing SIP-Notify-Messages, Tobias Glemser, 21:03
VERITAS NetBackup: Java User-Interface, format string vulnerability, secure, 20:33
[SEC-1 Advisory] Collaboration Data Objects Buffer Overflow Vulnerability, Gary Oleary-Steele, 19:32
Research for network security news article, lgreenem, 18:51
Re: [SECURITYREASON.COM] phpMyAdmin Local file inclusion 2.6.4-pl1, Andreas Zeidler, 18:41
MDKSA-2005:181 - Updated squid packages fix vulnerabilities, Mandriva Security Team, 18:20
MDKSA-2005:178 - Updated squirrelmail packages fixes XSS vulberability, Mandriva Security Team, 15:58
Re: using php local file include vulnerabilities for command execution, Andreas Zeidler, 15:48
MDKSA-2005:179 - Updated openssl packages fix vulnerabilities, Mandriva Security Team, 15:38
MDKSA-2005:180 - Updated xine-lib packages fixes cddb vulnerability, Mandriva Security Team, 15:28
using php local file include vulnerabilities for command execution, Andreas Zeidler, 15:08
[Full-disclosure] Secunia Research: Novell NetMail NMAP Agent "USER" Buffer Overflow Vulnerability, Secunia Research, 12:57
[Full-disclosure] Linux Orinoco drivers information leakage, Meder Kydyraliev, 12:57
[Full-disclosure] [ GLSA 200510-11 ] OpenSSL: SSL 2.0 protocol rollback, Thierry Carrez, 10:15
[Full-disclosure] [SEC-1 Advisory] GFI MailSecurity 8.1 Web Module Buffer Overflow, Gary Oleary-Steele, 09:25
[Full-disclosure] [USN-202-1] KOffice vulnerability, Martin Pitt, 05:43
Cenzic NASL plugins, sec stuff, 02:02
[SECURITY] [DSA 850-1] New tcpdump packages fix denial of service, Martin Schulze, 00:21
[SECURITY] [DSA 851-1] New openvpn packages fix denial of service, Martin Schulze, 00:11
[SECURITY] [DSA 852-1] New up-imapproxy packages fix arbitrary code execution, Martin Schulze, 00:01

October 11, 2005

Announcement: The Web Application Firewall Evaluation Criteria v1, contact, 23:40
Re: Opinion: Complete failure of Oracle security response and utter neglect of t, Silent / Saracoth, 23:10
PullThePlug Contest: Call For Papers, announcements, 23:10
[SECURITYREASON.COM] phpMyAdmin Local file inclusion 2.6.4-pl1, max, 23:00
versatileBulletinBoard V1.0.0 RC2 (possibly prior versions) multiple SQL injection vulnerabilities / login bypass / board takeover, rgod, 22:19
FreeBSD Security Advisory FreeBSD-SA-05:21.openssl, FreeBSD Security Advisories, 21:19
XSS vulnerability in Zeroblog, alireza hassani, 21:08
[KDE Security Advisory] KOffice/KWord RTF import buffer overflow, Dirk Mueller, 20:58
The Malloc Maleficarum, Phantasmal Phantasmagoria, 20:28
[EEYEB20050510] - Microsoft DirectShow Remote Code Vulnerability, Advisories, 19:47
[EEYEB20050708] Microsoft Distributed Transaction Coordinator Memory Modification Vulnerability, Advisories, 19:37
[EEYEB20050915] - MDT2DD.DLL COM Object Uninitialized Heap Memory Vulnerability, Advisories, 19:17
[EEYEB20050803] - Windows UMPNPMGR wsprintfW Stack Buffer Overflow Vulnerability, Advisories, 19:17
CodeCon 2006 Call For Papers, Len Sassaman, 18:57
[Full-disclosure] iDEFENSE Security Advisory 10.11.05: Microsoft Distributed Transaction Controller TIP DoS Vulnerability, iDEFENSE Labs, 17:06
[Full-disclosure] iDEFENSE Security Advisory 10.11.05: Microsoft Distributed Transaction Controller Packet Relay DoS Vulnerability, iDEFENSE Labs, 16:55
[Full-disclosure] [USN-201-1] SqWebmail vulnerabilities, Martin Pitt, 14:34
[Full-disclosure] Secunia Research: WinRAR Format String and Buffer Overflow Vulnerabilities, Secunia Research, 13:33
[Full-disclosure] [ GLSA 200510-10 ] uw-imap: Remote buffer overflow, Thierry Carrez, 09:31
[Full-disclosure] [USN-200-1] Thunderbird vulnerabilities, Martin Pitt, 04:19

October 10, 2005

[Full-disclosure] iDEFENSE Security Advisory 10.10.05: Kaspersky Anti-Virus Engine CHM File Parser Buffer Overflow Vulnerability, iDEFENSE Labs, 19:15
[Full-disclosure] iDEFENSE Security Advisory 10.10.05: SGI IRIX runpriv Design Error Vulnerability, iDEFENSE Labs, 19:15
[Full-disclosure] [USN-199-1] Linux kernel vulnerabilities, Martin Pitt, 14:42
[Full-disclosure] phpMyAdmin Local file inclusion 2.6.4-pl1, Maksymilian Arciemowicz, 14:42
[Full-disclosure] [USN-198-1] cfengine vulnerabilities, Martin Pitt, 13:12
[Full-disclosure] [USN-197-1] Shorewall vulnerability, Martin Pitt, 09:30
[Full-disclosure] [USN-196-1] Xine library vulnerability, Martin Pitt, 07:19
[Full-disclosure] [USN-195-1] Ruby vulnerability, Martin Pitt, 06:18

October 09, 2005

RE: [Full-disclosure] Re: Antivirus detection bypass by special craftedarchive., ad, 17:13
[Full-disclosure] Re: Antivirus detection bypass by special crafted archive., Thierry Zoller, 16:43

October 08, 2005

Antivirus detection bypass by special crafted archive., unsecure, 16:42
MDKSA-2005:176 - Updated webmin package fixes authentication bypass vulnerability, Mandriva Security Team, 16:32
MDKSA-2005:177 - Updated hylafax packages fix temporary file vulnerability, Mandriva Security Team, 16:22
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers, Kurt Seifried, 16:22
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers, Tony Jambu, 16:12
Cyphor 0.19 SQL Injection / Board takeover / cross site scripting, retrogod, 16:02
[Full-disclosure] [ GLSA 200510-09 ] Weex: Format string vulnerability, Sune Kloppenborg Jeppesen, 14:42
[Full-disclosure] [ GLSA 200510-08 ] xine-lib: Format string vulnerability, Sune Kloppenborg Jeppesen, 14:31

October 07, 2005

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers, Radoslav Dejanović, 21:54
Re: Security contact for ..., Williams, James K, 21:54
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers, Ivan ., 21:44
Utopia News Pro 1.1.3 SQL Injection / cross site scripting, retrogod, 21:34
Re: [Dailydave] Security contact for ..., security curmudgeon, 21:24
Aenovo Multiple Vulnerabilities, advisory, 21:14
Re: Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers, ak, 21:04
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers, David Litchfield, 21:04
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers, Gadi Evron, 20:54
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers, David Litchfield, 20:44
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers, Gadi Evron, 20:44
[Full-disclosure] gnome-pty-helper writes arbitrary utmp records, Paul Szabo, 19:53
MDKSA-2005:175 - Updated texinfo packages fix temporary file vulnerability, Mandriva Security Team, 16:22
MDKSA-2005:174 - Updated mozilla-thunderbird packages fix multiple vulnerabilities, Mandriva Security Team, 16:11
MDKSA-2005:173 - Updated mozilla-firefox packages fix vulnerabilities, Mandriva Security Team, 16:11
MDKSA-2005:172 - Updated openssh packages fix GSSAPI credentials vulnerability, Mandriva Security Team, 16:01
Shutdown TNS Listener via Oracle Forms Servlet, ak, 15:51
Shutdown TNS Listener via Oracle iSQL*Plus, ak, 15:41
Cross-Site-Scripting Vulnerability in Oracle XMLDB, ak, 15:41
[Full-disclosure] [ GLSA 200510-07 ] RealPlayer, Helix Player: Format string vulnerability, Thierry Carrez, 15:41
Cross-Site-Scripting Vulnerability in Oracle iSQL*Plus, ak, 15:31
Plaintext Password Vulnerabilitiy during Installation of Oracle HTMLDB, ak, 15:21
Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB, ak, 15:11
[security bulletin] SSRT051003 rev.1 - HP-UX Java Web Start remote unauthorized privileged access, security-alert, 15:00
[security bulletin] SSRT051043 rev.0 - Apache Remote Unauthorized access, security-alert, 14:50
Re: [Full-disclosure] MailEnable W3C Logging Remote Buffer Overflow Proof of Concept, user1, 10:28
[Full-disclosure] MailEnable W3C Logging Remote Buffer Overflow Proof of Concept, advisory, 09:58

October 06, 2005

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers, Rainer Duffner, 19:31
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers, Cesar, 17:40
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers, David Litchfield, 17:30
RE: Some new whitepapers ..., Lila Buchalski, 17:20
xloadimage buffer overflow., Ariel Berkman, 17:09
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers, Rainer Duffner, 17:09
Re: Some new whitepapers ..., Jerome Athias, 16:39
Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers, David Litchfield, 16:09
High Risk Vulnerability in Sun Directory Server, NGSSoftware Insight Security Research, 15:59
aspReady FAQ - open for SQL-injections, preben, 15:38
[Full-disclosure] Secunia Research: PHP-Fusion Two SQL Injection Vulnerabilities, vuln, 15:28
[security bulletin] SSRT051004 rev.1 - HP-UX Java Runtime Environment (JRE) Untrusted Applet Elevates Privilege, security-alert, 15:18
WASC Threat Classification in 4 languages, contact, 14:58
Planet Technology Corp FGSW2402RS switch default password / "backdoor", lms, 14:38
[security bulletin] SSRT4743, SSRT4884 rev.1 - HP Tru64 UNIX TCP/IP remote Denial of Service (DoS), security-alert, 14:38
Announcement : Core Banking Application Security List, Lila Buchalski, 14:07
[Full-disclosure] Secunia Research: HAURI Anti-Virus ALZ Archive Handling Buffer Overflow, Secunia Research, 13:37
[Full-disclosure] [ GLSA 200510-06 ] Dia: Arbitrary code execution through SVG import, Sune Kloppenborg Jeppesen, 13:17
[Full-disclosure] [ GLSA 200510-05 ] Ruby: Security bypass vulnerability, Sune Kloppenborg Jeppesen, 13:06
[Full-disclosure] [USN-194-1] texinfo vulnerability, Martin Pitt, 12:26
[Full-disclosure] Secunia Research: PHP-Fusion Two SQL Injection Vulnerabilities, Secunia Research, 10:45
[Full-disclosure] Secunia Research: Webroot Desktop Firewall Two Vulnerabilities, Secunia Research, 10:45

October 05, 2005

Some new whitepapers ..., David Litchfield, 18:17
RE: Advisory: WZCS vulnerabilities, Brian J. Bartlett, 17:27
[VulnWatch] Patches available for critical flaws in HP Openview, NGSSoftware Insight Security Research, 16:36
PAKCON II: Call for Paper (CfP), Final Call!, Ayaz Ahmed Khan, 15:46
[Full-disclosure] Secunia Research: ALZip Multiple Archive Handling Buffer Overflow, Secunia Research, 11:03
[Full-disclosure] [ GLSA 200510-04 ] Texinfo: Insecure temporary file creation, Thierry Carrez, 09:52
RE: [Full-disclosure] Re: Careless LEO Forensics and Suicides, Aditya Deshmukh, 03:19

October 04, 2005

[security bulletin] SSRT051023 rev.5 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access, security-alert, 22:07
[security bulletin] SSRT051030 rev.1 - HP OpenView Event Correlation Services (OV ECS) Remote Unauthorized Privileged Access, security-alert, 21:57
[security bulletin] SSRT5940 rev.2 - HP-UX Mozilla remote, unauthorized user may execute privileged code, security-alert, 21:47
[security bulletin] SSRT051040 rev.0 - HP-UX Mozilla Remote Unauthorized Execution of Privileged Code, security-alert, 21:36
A common researcher diagnosis error: misreading error messages, Steven M. Christey, 21:36
[Full-disclosure] RE: iDEFENSE Security Advisory 10.04.05: Symantec AntiVirus Scan Engine Web Service Buffer Overflow Vulnerability, iDEFENSE Labs, 20:36
[Full-disclosure] iDEFENSE Security Advisory 10.04.05: Symantec AntiVirus Scan Engine Web Service Buffer Overflow Vulnerability, iDEFENSE Labs, 20:26
[Full-disclosure] iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability, iDEFENSE Labs, 20:16
[security bulletin] SSRT051041 rev.0 - HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS), security-alert, 20:06
Re: [Full-disclosure] Bypassing Personal Firewall, is it that* hard?, Bipin Gautam, 19:25
[Full-disclosure] Re: Careless LEO Forensics and Suicides, J. Oquendo, 16:54
[Full-disclosure] [ GLSA 200510-03 ] Uim: Privilege escalation vulnerability, Sune Kloppenborg Jeppesen, 16:24
Advisory: WZCS vulnerabilities, donctl, 16:24
RE: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides, Neil Dickey, 16:14
RE: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides, dave kleiman, 16:03
Call for Papers - DIMVA 2006, Thomas Biege, 14:43
RE: [Full-disclosure] Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue, Todd Towles, 12:01
[Full-disclosure] [USN-155-3] Fixed mozilla locale packages, Martin Pitt, 11:51
RE: [Full-disclosure] Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue, Bart Lansing, 11:31
[Full-disclosure] [USN-193-1] dia vulnerability, Martin Pitt, 10:40
[Full-disclosure] Re: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides, Stefano Zanero, 06:59
[Full-disclosure] RE: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides, dave kleiman, 06:59
RE: [Full-disclosure] Bypassing Personal Firewall, is it that* hard?, Aditya Deshmukh, 01:06

October 03, 2005

RE: [Full-disclosure] Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue, Todd Towles, 22:35
RE: [Full-disclosure] Different Claims by ZoneLabs on the "Bypassing PersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue, Paul Laudanski, 22:15
MDKSA-2005:171 - Updated kernel packages fix multiple vulnerabilities, Mandriva Security Team, 21:14
RE: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides, L. Adrian Griffis, 21:14
Kaspersky Antivirus Remote Heap Overflow, list, 21:04
Trillian remote crashable, philipp, 20:54
Re: Online Dating Software by AEwebworks - aeDating Script <= 4.0 Version Vulnerability, security, 20:54
Re: [Full-disclosure] Bypassing Personal Firewall, is it that* hard?, Oliver Leitner, 18:03
RE: [Full-disclosure] Bypassing Personal Firewall, is it that* hard?, Debasis Mohanty, 17:42
RE: [Full-disclosure] Bypassing Personal Firewall, is it that* hard?, Debasis Mohanty, 17:12
[Full-disclosure] Bypassing Personal Firewall, is it that* hard?, Bipin Gautam, 16:52
RE: [Full-disclosure] Different Claims by ZoneLabs on the "Bypassing PersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue, Debasis Mohanty, 16:32
RE: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides, Lachniet, Mark, 15:41
[Full-disclosure] [ GLSA 200510-02 ] Berkeley MPEG Tools: Multiple insecure temporary files, Thierry Carrez, 14:20
[Full-disclosure] [ GLSA 200510-01 ] gtkdiskfree: Insecure temporary file creation, Thierry Carrez, 14:20
RE: [Full-disclosure] Different Claims by ZoneLabs on the "Bypassing PersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue, Paul Laudanski, 14:00

October 02, 2005

RE: [Full-disclosure] Different Claims by ZoneLabs on the "Bypassing PersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue, Debasis Mohanty, 17:21
Re: [Full-disclosure] Different Claims by ZoneLabs on the "Bypassing PersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue, Paul Laudanski, 16:30
Re: [Full-disclosure] Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides, Steve Kudlak, 11:38

October 01, 2005

[Full-disclosure] Different Claims by ZoneLabs on the "Bypassing PersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue, Debasis Mohanty, 19:52
[Full-disclosure] Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides, Jason Coombs, 16:40
Security Advisory for Bugzilla 2.18.3, 2.20rc2, and 2.21, mkanat, 14:59
[Information Disclosure] NetForce v4.02 Sends NIS Password Maps with passwords hashes over sendmail, bambenek, 14:39
MyBloggie 2.1.3beta null char + SQL Injection -> Login Bypass, retrogod, 14:29
RE: [Full-disclosure] Re: Bypassing Personal Firewall (Zone Alarm Pro)Using DDE-IPC, Debasis Mohanty, 02:24