Network Security Archives

Vulnerability Development (date)

[Thread Index] [Top] [All Lists]

November 29, 2004

Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038, Liu Die Yu, 23:19
Multiple buffer overlows in WS_FTP Server Version 5.03, 2004.10.14., Reed Arvin, 22:22
[Full-Disclosure] [USN-33-1] libgd vulnerabilities, Martin Pitt, 22:12
[Full-Disclosure] [ GLSA 200411-38 ] Sun and Blackdown Java: Applet privilege escalation, Sune Kloppenborg Jeppesen, 20:01
[Full-Disclosure] Buffer-overflow in Orbz 2.10, Luigi Auriemma, 18:51
[OpenPKG-SA-2004.051] OpenPKG Security Advisory (imapd), OpenPKG, 15:49
Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception, Esben Stien, 13:07
[Full-Disclosure] ncpfs buffer overflow, Karol Więsek, 11:47
Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception, exon, 10:16

November 28, 2004

[Full-Disclosure] [ GLSA 200411-37 ] Open DC Hub: Remote code execution, Luke Macken, 17:59
[Full-Disclosure] Players overflow in Serious engine UDP (was Alpha Black Zero, 29 Sep 2004), Luigi Auriemma, 17:29
[Full-Disclosure] Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038, Liu Die Yu, 13:38
[Full-Disclosure] Macromedia provided wrong "Solution" in mpsb02-08, Liu Die Yu, 10:06

November 27, 2004

Microsoft Help ActiveX Control Related Topics Local Content Accessing Vulnerability, Paul, 23:32
Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception, Heikki Toivonen, 17:09
Setiri + Invisible browsers != browsers, Haroon Meer, 15:59
Re: [Full-Disclosure] To anybody who's offended by my disclosure policy, JxT, 12:27
Re: [Full-Disclosure] To anybody who's offended by my disclosure policy, Gadi Evron, 12:27
[Full-Disclosure] [ GLSA 200411-36 ] phpMyAdmin: Multiple XSS vulnerabilities, Luke Macken, 11:37
Re: [Full-Disclosure] To anybody who's offended by my disclosure policy, Gadi Evron, 02:03
[CLA-2004:900] Conectiva Security Announcement - sun-jre, Conectiva Updates, 01:13

November 26, 2004

Re: [Full-Disclosure] To anybody who's offended by my disclosure policy, kf_lists, 22:22
Immunity, Inc Advisor, Nicolas Waisman, 19:10
Phpbb id: 10701 update and Attachmodule add-on Directory Traversal, zee, 18:50
[Full-Disclosure] [ GLSA 200411-35 ] phpWebSite: HTTP response splitting vulnerability, Matthias Geerdsen, 18:20
Java version downgrading proof-of-concept, auto333584, 17:40
Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception, Jose Nazario, 17:30
Re: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched], K-OTiK Security, 17:20
PnTresMailer code browser 6.03 Vulnerabilities, John Cobb, 17:10
FluxBox crash vulnerability, Quith, 16:49
php 4.3.7 memory limit POC exploit, Gyan chawdhary, 16:39
Re: Atari800 - local root. (fwd), Petr Stehlik, 15:59
RE: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched], alex cottle, 15:39
Re: STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability, Chris Withers, 14:58
MDKSA-2004:141 - Updated zip packages fix vulnerability, Mandrake Linux Security Team, 14:18
MDKSA-2004:140 - Updated a2ps packages fix vulnerability, Mandrake Linux Security Team, 14:08
MDKSA-2004:139 - Updated cyrus-imapd packages fix multiple vulnerabilities, Mandrake Linux Security Team, 13:57
php-4.3.7 Memory Limit Vuln POC, Gyan chawdhary, 13:47
Re: MSIE flaws: nested array sort() loop Stack overflow exception, isno, 13:17
[Full-Disclosure] Re: MSIE flaws: nested array sort() loop Stack overflow exception, Gadi Evron, 08:23
[Full-Disclosure] phpCMS <= 1.2.1 Xss Vulnerability, Information disclosure, Cyrille Barthelemy, 07:42
Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched], Brett Moore, 06:31
[CLA-2004:899] Conectiva Security Announcement - samba, Conectiva Updates, 02:49
[Full-Disclosure] MSIE & FIREFOX flaws: "detailed" advisory and comments that you probably don't want to read anyway, Berend-Jan Wever, 00:18

November 25, 2004

Atari800 - local root., Adam Zabrocki, 21:57
Re: [Full-Disclosure] Re: FIREFOX flaws: nested array sort() loop Stack overflow exception, Dragos Ruiu, 21:07
Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception, Juan Carlos Navea, 20:06
Remote buffer overflow in MailEnable IMAP service [Hat-Squad Advisory], Jerome ATHIAS, 19:56
[Full-Disclosure] Rumours about Opera, Marc Schoenefeld, 19:46
Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception, Heikki Toivonen, 19:26
Re: Sun Java Plugin arbitrary package access vulnerability, Ken S, 17:45
[Full-Disclosure] More Browser on Macosx flaws: nested array sort() loop Stack overflow exception, Marco Mella, 17:35
[Full-Disclosure] Re: FIREFOX flaws: nested array sort() loop Stack overflow exception, James Tait, 17:25
[Full-Disclosure] Re: FIREFOX flaws: nested array sort() loop Stack overflow exception, Gadi Evron, 17:15
[Full-Disclosure] Re: To anybody who's offended by my disclosure policy, Gadi Evron, 17:15
Re: Sun Java Plugin arbitrary package access vulnerability, Peter Greenwood, 17:15
EZshopper is still vulnerable against Directory Traversal., Zero_X www.lobnan.de Team, 17:04
Re: Liferay Cross Site Scripting Flaw, michael young, 17:04
[Full-Disclosure] More Browser on Macosx flaws: nested array sort() loop Stack overflow exception, Marco Mella, 17:04
[Full-Disclosure] Re: FIREFOX flaws: nested array sort() loop Stack overflow exception, Gadi Evron, 17:04
Re: [Full-Disclosure] Re: Sun Java Plugin arbitrary package access vulnerability, Exchange, 16:44
[Full-Disclosure] To anybody who's offended by my disclosure policy, Berend-Jan Wever, 15:34
[USN-32-1] mysql vulnerabilities, Martin Pitt, 15:14
[Full-Disclosure] More Browser flaws on MACOSX: nested array sort() loop Stack overflow exception, Marco Mella, 15:03
XSS in Brazilian Insite products, Carlos Ulver, 13:43
Re: Changes to the filesystem while find is running - comments?, James Youngman, 12:42
STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability, advisory, 11:22
[Full-Disclosure] Re: Sun Java Plugin arbitrary package access vulnerability, Alla Bezroutchko, 10:21
Re: Router ZyXEL Prestige 650 HW http remote admin., Laurent Papier, 10:21
Re: [SIG^2 G-TEC] Prevx Home v1.0 Instrusion Prevention Features Can Be Disabled by Direct Service Table Restoration, Ralph Harvey, 09:31
RE: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Sta ck overflow exception, Randal, Phil, 09:01
[Full-Disclosure] [ GLSA 200411-34 ] Cyrus IMAP Server: Multiple remote vulnerabilities, Thierry Carrez, 08:20
[Full-Disclosure] MSIE flaws: nested array sort() loop Stack overflow exception, Berend-Jan Wever, 06:30
[SIG^2 G-TEC] CMailServer WebMail v5.2 Multiple Vulnerabilities, chewkeong, 06:30
[Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception, Berend-Jan Wever, 06:09
Re: Router ZyXEL Prestige 650 HW http remote admin., Steve Clement, 03:48
Re: Changes to the filesystem while find is running - comments?, Casper . Dik, 03:28
STG Security Advisory: [SSA-20041122-11] JSPWiki XSS vulnerability, advisory, 01:47

November 24, 2004

Re: Changes to the filesystem while find is running - comments?, devnull, 23:06
STG Security Advisory: [SSA-20041122-09] cscope insecure temp file creation vulnerability, advisory, 21:35
STG Security Advisory: [SSA-20041122-10] KorWeblog directory traversal vulnerability, advisory, 17:54
[SECURITY] [DSA 596-2] New sudo packages removes debug output, Martin Schulze, 16:43
Limited buffer-overflow and arbitrary memory access in Star Wars Battlefront 1.11, Luigi Auriemma, 16:03
Re: Changes to the filesystem while find is running - comments?, Casper . Dik, 15:43
Re: Incorrect reporting of the Bofra/The Register exploit, Florian Laws, 15:33
Re: Changes to the filesystem while find is running - comments?, Martin Buchholz, 15:23
[Full-Disclosure] Buffer Overflow in Open Dc Hub 0.7.14, Donato Ferrante, 14:42
Re: [SIG^2 G-TEC] Prevx Home v1.0 Instrusion Prevention Features Can Be Disabled by Direct Service Table Restoration, dullien, 11:01
[CLA-2004:896] Conectiva Security Announcement - bugzilla, Conectiva Updates, 09:40
MDKSA-2004:138 - Updated XFree86 packages fix libXpm vulnerabilities, Mandrake Linux Security Team, 07:59
SecureCRT - Remote Command Execution, Brett Moore, 07:49
[Full-Disclosure] [ GLSA 200411-33 ] TWiki: Arbitrary command execution, Sune Kloppenborg Jeppesen, 07:19
[Full-Disclosure] [ GLSA 200411-32 ] phpBB: Remote command execution, Sune Kloppenborg Jeppesen, 06:39
Re: Changes to the filesystem while find is running - comments?, James Youngman, 04:28
MDKSA-2004:138 - Updated XFree86 packages fix libXpm vulnerabilities, Mandrake Linux Security Team, 04:18
Re: Router ZyXEL Prestige 650 HW http remote admin., Hugo van der Kooij, 02:57
Re: Changes to the filesystem while find is running - comments?, James Youngman, 02:27
Incorrect reporting of the Bofra/The Register exploit, matt, 01:47
[Full-Disclosure] Jabberd2.x remote BuffJabberd2.x remote Buffer Overflowser Overflows, icbm, 01:27
Windows Mobile Pocket PC Security, kers0r, 01:27
Re: Changes to the filesystem while find is running - comments?, Paul Szabo, 00:16

November 23, 2004

Re: Sun Java Plugin arbitrary package access vulnerability, Ken S, 23:56
[CLA-2004:894] Conectiva Security Announcement - shadow-utils, Conectiva Updates, 21:31
Sun Java Plugin arbitrary package access vulnerability, Jouko Pynnonen, 20:51
Re: Changes to the filesystem while find is running - comments?, Martin Buchholz, 19:40
RE: iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrar y Package Access Vulnerability, Randal, Phil, 19:40
Re: Changes to the filesystem while find is running - comments?, Martin Buchholz, 18:50
Re: Changes to the filesystem while find is running - comments?, Paul Szabo, 18:20
MDKSA-2004:137 - Updated libxpm4 packages fix libXpm vulnerabilities, Mandrake Linux Security Team, 17:59
[Full-Disclosure] [USN-31-1] cyrus21-imapd vulnerabilities, Martin Pitt, 17:29
Re: Changes to the filesystem while find is running - comments?, Martin Buchholz, 17:29
Re: Changes to the filesystem while find is running - comments?, James Youngman, 17:18
[Full-Disclosure] Broadcast memory corruption in Soldier of Fortune II 1.03, Luigi Auriemma, 17:08
[Full-Disclosure] Prozilla Remote Exploit, Serkan Akpolat, 16:58
Re: Changes to the filesystem while find is running - comments?, James Youngman, 16:58
Fotolog.net cross-site scripting vulnerabilities [RLSA_05-2004], Jerome ATHIAS, 16:38
RE: iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrar y Package Access Vulnerability, Sherlock, Nathan, 16:28
echalk vuln, kevin anonymous, 15:58
Winamp - Buffer Overflow In IN_CDDA.dll, Brett Moore, 15:48
Re: Changes to the filesystem while find is running - comments?, Paul Szabo, 15:48
MDKSA-2004:137 - Updated libxpm4 packages fix libXpm vulnerabilities, Mandrake Linux Security Team, 14:47
Hardware support for XP SP2 DEP not enabled by default ?, Nicolas RUFF, 14:07
[Full-Disclosure] [ GLSA 200411-31 ] ProZilla: Multiple vulnerabilities, Thierry Carrez, 13:46
[Full-Disclosure] IPFront - Release, Hernan Racciatti, 11:35
[Full-Disclosure] [ GLSA 200411-30 ] pdftohtml: Vulnerabilities in included Xpdf, Thierry Carrez, 06:44
Re: Changes to the filesystem while find is running - comments?, Martin Buchholz, 03:12
[SIG^2 G-TEC] Prevx Home v1.0 Instrusion Prevention Features Can Be Disabled by Direct Service Table Restoration, chewkeong, 02:42
Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida, J.A. Terranson, 00:41

November 22, 2004

iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrary Package Access Vulnerability, customer service mailbox, 23:51
[Full-Disclosure] Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities, Stefan Esser, 23:30
PHPKIT SQL Injection, XSS, Steve, 23:10
RE: [Full-Disclosure] University Researchers Challenge Bush Win In Florida, Cupps, James, 20:39
Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida, bkfsec, 20:09
Router ZyXEL Prestige 650 HW http remote admin., Josi, 20:09
Re: [Full-Disclosure] University Researchers Challenge Bush Win InFlorida, Paul Schmehl, 19:48
Re: Changes to the filesystem while find is running - comments?, Dmitry V. Levin, 19:28
Re: [Full-Disclosure] University Researchers Challenge Bush Win InFlorida, Valdis . Kletnieks, 19:18
GFHost PHP GMail remote command execution exploit that achieves webserver id privileges, Jerome ATHIAS, 17:47
Changes to the filesystem while find is running - comments?, James Youngman, 17:37
Broadcast client crash in Halo 1.05, Luigi Auriemma, 15:26
TSLSA-2004-0061 - multi, Trustix Security Advisor, 14:25
[Full-Disclosure] WeOnlyDo! COM Ftp DELUXE ActiveX Control Buffer Overflow Vulnerability, Komrade, 12:24
[Full-Disclosure] CoffeeCup FTP Clients Buffer Overflow Vulnerability, Komrade, 12:14

November 21, 2004

Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida, vord, 18:15
Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida, Stef, 11:56
Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida, Paul Schmehl, 02:49
Re: [Full-Disclosure] University Researchers Challenge Bush Win InFlorida, Paul Schmehl, 00:07

November 20, 2004

[ECL] WCI TC-IDE embedded linux vulnerabilities, ECL team, 19:32
Re: SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit, Jerome ATHIAS, 19:12
IpbProArace 2.5.x SQL injection., axl daivy, 19:02
Re: SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit, security curmudgeon, 16:20
Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida, Daniel Veditz, 09:17
[Full-Disclosure] phpBB 2.0.10 execute command by pokleyzz <pokleyzz at scan-associates.net>, pigrelax, 06:56
TWiki exploit (search.pm / CAN-2004-1037), Roman Medina-Heigl Hernandez, 03:54
[ GLSA 200411-29 ] unarj: Long filenames buffer overflow and a path traversal vulnerability, Thierry Carrez, 02:54
Re: [Full-Disclosure] Re: Airport x-ray software creating images of phantom weapons?, Adam Jacob Muller, 01:44
Re: [Full-Disclosure] University Researchers Challenge Bush Win InFlorida, Bart . Lansing, 01:44
[Full-Disclosure] [ GLSA 200411-27 ] Fcron: Multiple vulnerabilities, lewk, 01:33
Microsoft Internet Explorer 6 SP2 Vulnerabilities / Full disclosure Vs. Security by Obscurity..., K-OTiK Security, 01:03

November 19, 2004

[ GLSA 200411-28 ] X.Org, XFree86: libXpm vulnerabilities, Thierry Carrez, 23:22
Re: [Full-Disclosure] Re: Airport x-ray software creating images of phantom weapons?, Valdis . Kletnieks, 20:21
Corsaire Security Advisory - Netopia Timbuktu remote buffer overflow issue, advisories, 19:41
[Full-Disclosure] Addendum, recent Linux <= 2.4.27 vulnerabilities, Paul Starzetz, 18:20
FreeBSD Security Advisory FreeBSD-SA-04:16.fetch, security-advisories, 18:00
Corsaire Security Advisory - Danware NetOp Host multiple information disclosure issues, advisories, 16:49
[Full-Disclosure] Java Vulnerabilities in Opera 7.54, Marc Schoenefeld, 16:39
SecurityForest - Public Release #1, loni, 16:39
Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida, Paul Schmehl, 16:29
MDKSA-2004:136 - Updated samba packages fix remote vulnerability, Mandrake Linux Security Team, 16:29
Privilege escalation flaw in AClient Service for Windows (Version 5.6.181)., Reed Arvin, 16:08
EXEC exploit in phpBB - new release, Paul S. Owen, 15:48
Zone Labs Security Advisory: Ad-Blocking Instability, Zone Labs Product Security, 15:38
Zone Labs Ad-Blocking Instability, Nicolas Robillard, 15:17
SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit, Jérôme ATHIAS, 15:07
[Full-Disclosure] Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch., broeker, 15:07
Privilege escalation in Mailtraq Version 2.6.1.1677., Reed Arvin, 14:57
Inofficial updates to 758884/NISCC/DNS, Roy Arends, 10:45
[CLA-2004:892] Conectiva Security Announcement - MySQL, Conectiva Updates, 07:44
Apache 2.0.52 DoS Exploit v2, Daniel Guido, 07:13
A Brief Analysis of Bofra/MyDoom.AG/AH, Bryan Burns, 05:23
[CLA-2004:890] Conectiva Security Announcement - libxml2, Conectiva Updates, 02:41
RE: EXEC exploit in phpBB - fix, Ron Brinker, 01:20

November 18, 2004

[Full-Disclosure] [USN-30-1] Linux kernel vulnerabilities, Martin Pitt, 23:19
[Full-Disclosure] University Researchers Challenge Bush Win In Florida, Jason Coombs, 21:58
Re: Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.), Robert Hetzler, 20:58
[Full-Disclosure] [ GLSA 200411-27 ] Fcron: Multiple vulnerabilities, Luke Macken, 19:57
Buffer overlow in DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 and prior versions., Reed Arvin, 19:47
[MaxPatrol] SQL-injection in Invision Power Board 2.x, Alexander Anisimov, 19:17
Re: Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.), Rafael San Miguel Carrasco, 17:46
EXEC exploit in phpBB - fix, Paul S. Owen, 14:35
FreeBSD Security Advisory FreeBSD-SA-04:16.fetch, FreeBSD Security Advisories, 14:15
AppServ 2.5.x and Prior Exploit, saudi linux, 13:54
[Full-Disclosure] Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch., rexolab, 12:44
[Full-Disclosure] [USN-29-1] samba vulnerability, Martin Pitt, 12:34
[Full-Disclosure] Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch., Hans-Bernhard Broeker, 10:13
[Full-Disclosure] Re: Airport x-ray software creating images of phantom weapons?, Joel Merrick, 08:32
Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.), Jerome ATHIAS, 05:01
RE: New URL spoofing bug in Microsoft Internet Explorer, Michael Silk, 03:20
SUSE Security Announcement: xshared, XFree86-libs, xorg-x11-libs (SUSE-SA:2004:041), Thomas Biege, 02:20

November 17, 2004

MDKSA-2004:133 - Updated sudo packages fix vulnerability, Mandrake Linux Security Team, 22:38
Re: [Full-Disclosure] Airport x-ray software creating images of phantom weapons?, Valdis . Kletnieks, 22:28
[ GLSA 200411-26 ] GIMPS, SETI@home, ChessBrain: Insecure installation, Sune Kloppenborg Jeppesen, 21:48
RE: [Full-Disclosure] RE: Airport x-ray software creating images of phantom weapons?, Esler, Joel - Contractor, 21:17
MDKSA-2004:134 - Updated apache packages fix buffer overflow in mod_include, Mandrake Linux Security Team, 20:17
[Full-Disclosure] RE: Airport x-ray software creating images of phantom weapons?, David D.W. Downey, 19:06
[Full-Disclosure] [USN-28-1] sudo vulnerability, Martin Pitt, 18:56
RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch., rexolab, 18:56
MDKSA-2004:132 - Updated gd packages fix integer overflows, Mandrake Linux Security Team, 18:26
Re: New URL spoofing bug in Microsoft Internet Explorer, GuidoZ, 18:06
Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities, Stefan Esser, 17:15
[USN-27-1] libxpm4 vulnerability, Martin Pitt, 16:55
MDKSA-2004:135 - Updated apache2 packages fix request DoS, Mandrake Linux Security Team, 16:55
[Full-Disclosure] Click and Build eCommerce Platform Cross Site Scripting, Andrew Smith, 14:34
[Full-Disclosure] [USN-26-1] bogofilter vulnerability, Martin Pitt, 13:13
[Full-Disclosure] Re: Airport x-ray software creating images of phantom weapons?, James Davis, 13:03
[Full-Disclosure] [ GLSA 200411-25 ] SquirrelMail: Encoded text XSS vulnerability, Sune Kloppenborg Jeppesen, 06:51
[ GLSA 200411-23 ] Ruby: Denial of Service issue, Thierry Carrez, 05:00
[Full-Disclosure] Re: Skype callto:// BoF technical details, Fabian Becker, 00:07
Re: New URL spoofing bug in Microsoft Internet Explorer, q q, 00:07

November 16, 2004

TSLSA-2004-0058 - multi, Trustix Security Advisor, 21:26
[waraxe-2004-SA#038 - Multiple vulnerabilities in Event Calendar module for PhpNuke], Janek Vind, 20:15
[Full-Disclosure] Re: Skype callto:// BoF technical details, Berend-Jan Wever, 20:05
Flaws in SP2 security features, part II, Juergen Schmidt, 20:05
Re: [Full-Disclosure] Airport x-ray software creating images of phantom weapons?, David Maxwell, 19:55
Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution, Florian Weimer, 18:14
[SECURITY] [DSA 593-1] New imagemagick packages fix arbitrary code execution, Martin Schulze, 18:04
[Full-Disclosure] [ GLSA 200411-24 ] BNC: Buffer overflow vulnerability, Sune Kloppenborg Jeppesen, 14:32
[Full-Disclosure] Skype callto:// BoF technical details, Berend-Jan Wever, 14:01
[Full-Disclosure] Airport x-ray software creating images of phantom weapons?, Jason Coombs, 12:20
Google Desktop Search ignores Preferences, Elliott Bäck, 05:47

November 15, 2004

Re: [Full-Disclosure] MSIE src&name property disclosure, Dave Aitel, 23:55
[Full-Disclosure] The true story of TWiki vuln (exploit included), Roman Medina-Heigl Hernandez, 21:13
[Full-Disclosure] Re: Format string bug in Army Men RTS, Manowar, 21:13
SUSE Security Announcement: samba (SUSE-SA:2004:040), Marcus Meissner, 20:43
RE: [Full-Disclosure] MSIE src&name property disclosure, joe, 20:02
[USN-25-1] libgd2 vulnerability, Martin Pitt, 20:02
[Full-Disclosure] Re: Eudora 6.2 attachment spoof, Steve Dorner, 20:02
iDEFENSE Security Advisory 11.15.04: Multiple Security Vulnerabilities in Fcron, customer service mailbox, 20:02
[SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd, Gerald (Jerry) Carter, 20:02
RE: [Full-Disclosure] MSIE src&name property disclosure, joe, 17:37
[SNS Advisory No.79] A Possibility of Cookie Overwrite in Microsoft Internet Explorer, Jirtme, 16:57
Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow, Stefan Esser, 16:57
XSS in TheFaceBook round 2, Alex Lanstein, 16:06
Re: 04WebServer Three Vulnerabilities, chewkeong, 15:56
Multiple vulnerabilities in Hired Team: Trial (Shine engine), Luigi Auriemma, 15:36

November 14, 2004

[Full-Disclosure] Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow, Stefan Esser, 21:19
[Full-Disclosure] Format string bug in Army Men RTS, Luigi Auriemma, 19:37

November 13, 2004

[Full-Disclosure] Re: Crash in Secure Network Messenger 1.4.2, r`Futile, 20:37
Re: Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems, Gregory Duchemin, 19:16
Re: Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems, 3APA3A, 17:35
Multiple XSS holes in TheFaceBook, Alex Lanstein, 17:25
SQL Injection in phpBT (bug.php) add project, jessica soules, 16:35
SQL Injection in phpBT (bug.php - Add), J�r�me, 16:25
IPSwitch-IMail-8.13 Stack Overflow in the DELETE Command, J�r�me, 16:15
Eudora 6.2 attachment spoof, Paul Szabo, 15:44
Re: [Full-Disclosure] RE: Contact in HP related to OpenView / Coda, kf_lists, 12:33

November 12, 2004

[Full-Disclosure] TWiki search function allows arbitrary shell command execution, Hans Ulrich Niedermann, 21:37
Re: [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Paul Schmehl, 20:46
Fw: Will you lot PISS OFF? (Re: [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked), Matt . Carpenter, 19:56
[Full-Disclosure] RE: Contact in HP related to OpenView / Coda, Arndt . WA, 19:46
Re: [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Valdis . Kletnieks, 18:25
phpBB Code EXEC (v2.0.10), jessica soules, 18:25
SQL Injection in phpBT (bug.php), jessica soules, 18:05
Crash in Secure Network Messenger 1.4.2, Luigi Auriemma, 17:45
Sudo version 1.6.8p2 now available (fwd), je, 17:04
Re: Unsecure Ftpd on HP PSC 2510 Printer, Lawrence MacIntyre, 16:44
Re: Unsecure Ftpd on HP PSC 2510 Printer, KF_lists, 16:24
Re: Unsecure Ftpd on HP PSC 2510 Printer, Lawrence MacIntyre, 16:14
Re: Unsecure Ftpd on HP PSC 2510 Printer, KF_lists, 16:04
Vulnerability not with vBulletin, Kier Darby, 15:44
Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems, Gregory Duchemin, 15:03
Unofficial Internet Explorer FRAME/IFRAME fix, Thomas Rogg, 14:43
[Full-Disclosure] Re: Linux ELF loader vulnerabilities, Jirka Kosina, 10:31
Re: Unsecure Ftpd on HP PSC 2510 Printer, Lawrence MacIntyre, 06:40
Re: Evidence Mounts that the Vote Was Hacked, Jake Appelbaum, 04:19
Re: [Full-Disclosure] RE: Evidence Mounts that the Vote Was Hacked, Adam Jacob Muller, 02:08
[Full-Disclosure] [USN-23-1] apache2 vulnerability, Martin Pitt, 01:57
[CLA-2004:889] Conectiva Security Announcement - sasl2, Conectiva Updates, 01:17
[Full-Disclosure] [USN-24-1] openssl script vulnerability, Martin Pitt, 01:07
Re: [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Matt . Carpenter, 00:47

November 11, 2004

RE: Evidence Mounts that the Vote Was Hacked, David Hayden, 23:16
RE: [Full-Disclosure] RE: Evidence Mounts that the Vote Was Hacked, Larry Seltzer, 22:56
security hole (http response splitting) in phpwebsite, Maestro De-Seguridad, 22:16
Re: [Full-Disclosure] RE: Evidence Mounts that the Vote Was Hacked, Adam Jacob Muller, 21:36
[waraxe-2004-SA#037 - Sql injection bug in Phorum 5.0.12 and older versions], Janek Vind, 20:15
[ GLSA 200411-22 ] Davfs2, lvm-user: Insecure tempfile handling, Sune Kloppenborg Jeppesen, 19:45
[Full-Disclosure] [ GLSA 200411-21 ] Samba: Remote Denial of Service, Matthias Geerdsen, 19:35
Re: New URL spoofing bug in Microsoft Internet Explorer, http-equiv@excite.com , 19:25
[Full-Disclosure] Re: Linux ELF loader vulnerabilities, Pavel Kankovsky, 18:55
Zone Labs IMsecure Active Link Filter Bypass, Kurczaba Associates advisories, 18:34
[Full-Disclosure] Contact in HP related to OpenView / Coda, Noam Rathaus, 17:54
Re: [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Valdis . Kletnieks, 17:44
SQL injection in vBulletin forums (last10.php), Dr. Death, 14:12
[Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Matt . Carpenter, 13:32
[Full-Disclosure] [ GLSA 200411-20 ] ez-ipupdate: Format string vulnerability, Sune Kloppenborg Jeppesen, 13:32
[Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Matthew Farrenkopf, 13:32
Re: [Full-Disclosure] RE: Norton AntiVirus Script Blocking Exploit -- Symantec's response, Jeff Donahue, 11:01
[Full-Disclosure] RE: Norton AntiVirus Script Blocking Exploit -- Symantec's response, Daniel Milisic, 09:30
Re: [Full-Disclosure] Re: Linux ELF loader vulnerabilities, Jirka Kosina, 09:20
Re: Evidence Mounts that the Vote Was Hacked, Peter Conrad, 05:19
Re: Evidence Mounts that the Vote Was Hacked, Atom 'Smasher', 04:28
Re: Evidence Mounts that the Vote Was Hacked, Rick Crelia, 03:28
[Full-Disclosure] Re: Linux ELF loader vulnerabilities, Ted Percival, 02:48
[Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Keith Oxenrider, 02:38
Hotfoon Ver 4.0 Highv Risk, saudi linux, 01:17
RE: [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Larry Seltzer, 01:07

November 10, 2004

[SquirrelMail Security Advisory] Cross Site Scripting in encoded text, Jonathan Angliss, 23:36
RE: [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Carlos Kramer, 23:36
[Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Jay D. Dyson, 23:36
[Full-Disclosure] Re: Security Contact Info for IPSWITCH, Sullo, 23:26
[Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Jay D. Dyson, 23:06
[Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Michael Poole, 22:26
[Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Keith Oxenrider, 22:26
[Full-Disclosure] RE: Evidence Mounts that the Vote Was Hacked, Gary Halleen \(ghalleen\), 22:16
[Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Kluge, 22:16
[Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Tom Le, 22:16
Re: Evidence Mounts that the Vote Was Hacked, bkfsec, 21:35
[Full-Disclosure] [ GLSA 200411-19 ] Pavuk: Multiple buffer overflows, Luke Macken, 20:45
04WebServer Three Vulnerabilities, J�r�me, 20:35
Re: Nortel Networks Contivity VPN Client information leakage vulnerability, Quincy Jackson, 19:55
Unsecure Ftpd on HP PSC 2510 Printer, Justin Rush, 19:35
Re: Evidence Mounts that the Vote Was Hacked, Jay D. Dyson, 18:44
Re: BoF in Windows 2000: ddeshare.exe, J. S. Connell, 18:24
BNC 2.8.9 remote buffer overflow, LSS Security, 17:24
Multiple Vulnerabilities in WebCalendar, Joxean Koret, 16:53
[Full-Disclosure] [ GLSA 200411-18 ] Apache 2.0: Denial of Service by memory consumption, Matthias Geerdsen, 15:03
[Full-Disclosure] Security Contact Info for IPSWITCH, Tom, 11:41
[Full-Disclosure] Nortel Networks Contivity VPN Client information leakage vulnerability, Network Intelligence (I) Pvt. Ltd., 11:31
[Full-Disclosure] Linux ELF loader vulnerabilities, Paul Starzetz, 09:40
[Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Jei, 04:48
Re: BoF in Windows 2000: ddeshare.exe, Valdis . Kletnieks, 02:37
Re: Evidence Mounts that the Vote Was Hacked, Jay D. Dyson, 02:27

November 09, 2004

EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service, Marc Maiffret, 23:36
[Full-Disclosure] [USN-21-1] libgd vulnerabilities, Martin Pitt, 23:16
[Full-Disclosure] [USN-22-1] samba vulnerability, Martin Pitt, 23:06
Vulnerabilities in JAF CMS, [ echo|staff ]@securityfocus.com@www.securityfocus.com, 21:55
Re: Update: Web browsers - a mini-farce (MSIE gives in), Heikki Kortti, 17:43
[Full-Disclosure] [ GLSA 200411-17 ] mtink: Insecure tempfile handling, Sune Kloppenborg Jeppesen, 17:43
[Full-Disclosure] [ GLSA 200411-16 ] zip: Path name buffer overflow, Sune Kloppenborg Jeppesen, 17:33
BoF in Windows 2000: ddeshare.exe, Jack C, 16:53
[Full-Disclosure] New MaxPatrol Demo Available, pigrelax, 15:12
Re: New URL spoofing bug in Microsoft Internet Explorer, roozbeh afrasiabi, 15:02
[Full-Disclosure] Re: BoF in Windows 2000: ddeshare.exe, Berend-Jan Wever, 14:12
Re: [HV-LOW] Symantec LiveUpdate issues may cause DoS, secure, 14:12
MDKSA-2004:128 - Updated ruby packages fix remote DoS vulnerability, Mandrake Linux Security Team, 09:30
Evidence Mounts that the Vote Was Hacked, Atom 'Smasher', 07:49
[CLA-2004:886] Conectiva Security Announcement - xpdf, Conectiva Updates, 06:18
[CLA-2004:888] Conectiva Security Announcement - libtiff3, Conectiva Updates, 05:38
Re: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)), Menashe Eliezer, 04:37

November 08, 2004

[Full-Disclosure] Security Contact for T-Mobile?, Jake Appelbaum, 23:55
Re: [Full-Disclosure] MSIE src&name property disclosure, Gadi Evron, 22:25
[Full-Disclosure] [USN-20-1] Ruby CGI module vulnerability, Martin Pitt, 22:04
up-imapproxy DoS vulnerabilities, Timo Sirainen, 20:54
Offline WPA-PSK auditing tool (coWPAtty), Joshua Wright, 20:14
Re: [Full-Disclosure] MSIE src&name property disclosure, Michal Zalewski, 19:23
Microsoft Internet Explorer permits to examine the existence of local files, Benjamin Tobias Franz, 17:43
DOS against Java JNDI/DNS, Kurt Huwig, 17:32
Re: [Full-Disclosure] MSIE src&name property disclosure, Paul Schmehl, 17:12
[SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability in Samba 3.0.x <= 3.0.7, Gerald (Jerry) Carter, 15:22
[Full-Disclosure] TRUSTe.org Cross-Site-Scripting Phishing oppurtunities, Andrew Smith, 14:31
Re: [Full-Disclosure] MSIE src&name property disclosure, Dave Aitel, 13:01
Retina Vuln Scanner Problems., Robinson, Sonja, 12:10
Re: [Full-Disclosure] MSIE src&name property disclosure, Michal Zalewski, 11:40
[Full-Disclosure] MSIE src&name property disclosure, Berend-Jan Wever, 09:27
[Full-Disclosure] [ GLSA 200411-15 ] OpenSSL, Groff: Insecure tempfile handling, Thierry Carrez, 09:17

November 07, 2004

[Full-Disclosure] [ GLSA 200411-14 ] Kaffeine, gxine: Remotely exploitable buffer overflow, Luke Macken, 17:08
[Full-Disclosure] [ GLSA 200411-13 ] Portage, Gentoolkit: Temporary file vulnerabilities, Sune Kloppenborg Jeppesen, 16:47
[Full-Disclosure] [ GLSA 200411-12 ] zgv: Multiple buffer overflows, Luke Macken, 15:06

November 06, 2004

[USN-19-1] squid vulnerabilities, Martin Pitt, 19:07
[ GLSA 200411-11 ] ImageMagick: EXIF buffer overflow, Sune Kloppenborg Jeppesen, 16:14
Resources consumption in 602 Lan Suite 2004.0.04.0909, Luigi Auriemma, 16:14
[Full-Disclosure] [ GLSA 200411-10 ] Gallery: Cross-site scripting vulnerability, Luke Macken, 15:34
[Full-Disclosure] UPDATE: [ GLSA 200410-20 ] Xpdf, CUPS: Multiple integer overflows, Thierry Carrez, 11:21
[Full-Disclosure] UPDATE: [ GLSA 200410-30 ] GPdf, KPDF, KOffice: Vulnerabilities in included xpdf, Thierry Carrez, 11:21

November 05, 2004

Making distinctions between similar-looking vulnerabilities, Steven M. Christey, 23:15
RE: New Whitepaper - "Second-order Code Injection Attacks", Gunter Ollmann (NGS), 22:55
TSLSA-2004-0056 - apache, Trustix Security Advisor, 21:04
SSC Advisory TSA-053 (Ureach.com), Secure Science Corporation Advisory Notice, 19:13
Re: [Full-Disclosure] [HV-MED] Zip/Linux long path buffer overflow, Josh Bressers, 19:03
FW: Hacker Group back again, this time claiming to have source code to Cisco PIX firewall, Graham, Brian, 18:53
Multiple vulnerabilities in Icewarp Web Mail 5.2.8 : New face of old problems., ShineShadow, 18:33
Re: debian dhcpd, old format string bug, Martin Schulze, 17:43
RE: New Whitepaper - "Second-order Code Injection Attacks", Gunter Ollmann (NGS), 17:32
MDKSA-2004:127 - Updated libxml and libxml2 packages fix multiple vulnerabilities, Mandrake Linux Security Team, 17:12
MDKSA-2004:126 - Updated shadow-utils packages fix security bypass vulnerability, Mandrake Linux Security Team, 16:52
[Full-Disclosure] [USN-18-1] zip vulnerability, Martin Pitt, 16:42
MDKSA-2004:125 - Updated iptables packages fix vulnerability, Mandrake Linux Security Team, 16:12
[Full-Disclosure] In-game format string bug in the Lithtech engine, Luigi Auriemma, 15:01
Re: [Full-Disclosure] [HV-MED] Zip/Linux long path buffer overflow, Martin Pitt, 13:21
[Full-Disclosure] HTTP : Linux, Rusia, Cisco, Open Wall, etc, Richard Tan, 13:11
[Full-Disclosure] [FLSA-2004:2076] Updated foomatic package fixes security vulnerability, Marc Deslauriers, 11:20
Re: [Full-Disclosure] Cross-Site-Scripting Vulnerability in Microsoft.com, offtopic, 04:07

November 04, 2004

SSC Advisory TSA-052 (Callwave.com), Secure Science Corporation Advisory Notice, 23:05
[Full-Disclosure] [USN-17-1] passwd vulnerability, Martin Pitt, 22:55
[Full-Disclosure] [HV-LOW] Symantec LiveUpdate issues may cause DoS, vuln, 22:15
MDKSA-2004:124 - Updated xorg-x11 packages fix libXpm overflow vulnerabilities, Mandrake Linux Security Team, 21:45
Re: [ GLSA 200411-09 ] shadow: Unauthorized modification of account information, Solar Designer, 19:44
SSC Advisory TSA-052 (Callwave.com), Secure Science Corporation Advisory Notice, 19:24
[Full-Disclosure] [ GLSA 200411-09 ] shadow: Unauthorized modification of account information, Matthias Geerdsen, 18:23
[Full-Disclosure] Cross-Site-Scripting Vulnerability in Microsoft.com, Rafel Ivgi, The-Insider, 15:02
[CLA-2004:883] Conectiva Security Announcement - subversion, Conectiva Updates, 13:51
[CLA-2004:884] Conectiva Security Announcement - gaim, Conectiva Updates, 13:41
[CLA-2004:885] Conectiva Security Announcement - apache, Conectiva Updates, 13:21
Re: [Full-Disclosure] Norton AntiVirus 2004/2005 Scripting Vulnerability Pt.3 (Includes PoC VBScript Code), GuidoZ, 13:21
Re: [Full-Disclosure] Norton AntiVirus 2004/2005 Scripting Vulnerability Pt.3 (Includes PoC VBScript Code), 3APA3A, 11:50

November 03, 2004

[Full-Disclosure] Norton AntiVirus 2004/2005 Scripting Vulnerability Pt.3 (Includes PoC VBScript Code), Daniel Milisic, 23:05
[Full-Disclosure] [HV-MED] Zip/Linux long path buffer overflow, vuln, 21:44
[Full-Disclosure] [ GLSA 200411-08 ] GD: Integer overflow, Thierry Carrez, 20:14
[CLA-2004:882] Conectiva Security Announcement - squid, Conectiva Updates, 15:52
Re: New Whitepaper - "Second-order Code Injection Attacks", Nicolas Gregoire, 14:21
RE: Microsoft ISA Server Authentication Bypassing, Jim Harrison (ISA), 13:41
[Full-Disclosure] [ GLSA 200411-07 ] Proxytunnel: Format string vulnerability, Thierry Carrez, 12:20

November 02, 2004

RE: New Whitepaper - "Second-order Code Injection Attacks", Gunter Ollmann (NGS), 22:54
[Full-Disclosure] [USN-16-1] perl vulnerabilities, Martin Pitt, 22:24
[Hat-Squad] SQL injection and XSS Vulnerabilities in HELM, Hat-Squad Security Team, 21:54
URL spoofing bug (with iframes) in Microsoft Internet Explorer (11/02/2004), Benjamin Tobias Franz, 21:24
Microsoft ISA Server Authentication Bypassing, J�r�me, 20:33
Re: New Whitepaper - "Second-order Code Injection Attacks", Jeff Williams, 20:13
Re: debian dhcpd, old format string bug, Javier Fernandez-Sanguino, 19:02
[Full-Disclosure] ERRATA: [ GLSA 200411-01 ] ppp: No denial of service vulnerability, Luke Macken, 18:52
Rv: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)), Elia Florio, 18:22
MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) (fwd), Michal Zalewski, 17:52
zlib 1.2.2 released, Mark Adler, 17:32
Re: New Whitepaper - "Second-order Code Injection Attacks", Crispin Cowan, 17:22
MDKSA-2004:123 - Updated perl-MIME-tools packages fix vulnerability, Mandrake Linux Security Team, 17:01
[VulnWatch] Multiple Vulnerabilities in Web Forums Server, R00tCr4ck, 17:01
MDKSA-2004:122 - Updated mod_ssl packages fix information disclosure vulnerability, Mandrake Linux Security Team, 16:51
MDKSA-2004:121 - Updated netatalk packages fix temporary file vulnerability, Mandrake Linux Security Team, 16:31
[Full-Disclosure] [ GLSA 200411-06 ] MIME-tools: Virus detection evasion, Thierry Carrez, 16:21
MDKSA-2004:120 - Updated mpg123 packages fix vulnerability, Mandrake Linux Security Team, 16:21
MDKSA-2004:119 - Updated MySQL packages fix multiple vulnerabilities, Mandrake Linux Security Team, 16:11
MDKSA-2004:118 - Updated perl-Archive-Zip packages fix vulnerability, Mandrake Linux Security Team, 15:51
[Full-Disclosure] [ GLSA 200411-05 ] libxml2: Remotely exploitable buffer overflow, Thierry Carrez, 15:41
MDKSA-2004:117 - Updated gaim packages fix vulnerability, Mandrake Linux Security Team, 15:31
Re: Rv: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)), Mihai Novitchi, 15:11
zlib 1.2.2 released, Mark Adler, 15:00
Exploiting default exception handler to increase exploit stability on win32, tal zeltzer, 14:40
Medium Risk Vulnerability in WinRAR, NGSSoftware Insight Security Research, 14:00
Rv: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)), Elia Florio, 12:49
[Full-Disclosure] [ GLSA 200411-04 ] Speedtouch USB driver: Privilege escalation vulnerability, Luke Macken, 12:09
Re: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)), morning_wood, 11:59
[Full-Disclosure] [ GLSA 200411-03 ] Apache 1.3: Buffer overflow vulnerability in mod_include, Matthias Geerdsen, 11:28
Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?, Henning Brauer, 10:58
[CLA-2004:881] Conectiva Security Announcement - rsync, Conectiva Updates, 09:07
Internet Explorer HTML Help Control ActiveX Cross Domain/Zone Scripting Vulnerabilities, roozbeh afrasiabi, 05:25
Safari vulnerable to URL spoofing, Gilbert Verdian, 04:45
TSLSA-2004-0055 - multi, Trustix Security Advisor, 00:13

November 01, 2004

[Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)), Berend-Jan Wever, 23:43
[Full-Disclosure] Re: [ GLSA 200411-01 ] ppp: Remote denial of service vulnerability, Paul Mackerras, 23:03
[Full-Disclosure] [USN-15-1] lvm10 vulnerability, Martin Pitt, 22:32
[USN-10-1] XML library vulnerabilities, Martin Pitt, 21:22
Re: Critical Vulnerability in Altiris Deployment Server architecture, Brian Gallagher, 20:42
p h i s h i n g p h o r p h u n p h o r p h u q u e s a k e, http-equiv@excite.com , 19:51
[Full-Disclosure] [ GLSA 200411-02 ] Cherokee: Format string vulnerability, Sune Kloppenborg Jeppesen, 16:40
Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?, Anton R Ivanov, 16:09
[Full-Disclosure] [USN-13-1] groff utility vulnerability, Martin Pitt, 15:49
[Full-Disclosure] [USN-14-1] xpdf vulnerabilities, Martin Pitt, 15:39
[Full-Disclosure] [ GLSA 200411-01 ] ppp: Remote denial of service vulnerability, Luke Macken, 15:39
New Whitepaper - "Second-order Code Injection Attacks", Gunter Ollmann, 15:09
[Full-Disclosure] XDICT Buffer OverRun Vulnerability,funny :-), Sowhat ., 03:53