Vulnerability Development (thread)

Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038, Liu Die Yu, 2004/11/29
Multiple buffer overlows in WS_FTP Server Version 5.03, 2004.10.14., Reed Arvin, 2004/11/29
[Full-Disclosure] [USN-33-1] libgd vulnerabilities, Martin Pitt, 2004/11/29
[Full-Disclosure] [ GLSA 200411-38 ] Sun and Blackdown Java: Applet privilege escalation, Sune Kloppenborg Jeppesen, 2004/11/29
[Full-Disclosure] Buffer-overflow in Orbz 2.10, Luigi Auriemma, 2004/11/29
[OpenPKG-SA-2004.051] OpenPKG Security Advisory (imapd), OpenPKG, 2004/11/29
[Full-Disclosure] ncpfs buffer overflow, Karol Więsek, 2004/11/29
[Full-Disclosure] [ GLSA 200411-37 ] Open DC Hub: Remote code execution, Luke Macken, 2004/11/28
[Full-Disclosure] Players overflow in Serious engine UDP (was Alpha Black Zero, 29 Sep 2004), Luigi Auriemma, 2004/11/28
[Full-Disclosure] Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038, Liu Die Yu, 2004/11/28
[Full-Disclosure] Macromedia provided wrong "Solution" in mpsb02-08, Liu Die Yu, 2004/11/28
Microsoft Help ActiveX Control Related Topics Local Content Accessing Vulnerability, Paul, 2004/11/27
Setiri + Invisible browsers != browsers, Haroon Meer, 2004/11/27
[Full-Disclosure] [ GLSA 200411-36 ] phpMyAdmin: Multiple XSS vulnerabilities, Luke Macken, 2004/11/27
[CLA-2004:900] Conectiva Security Announcement - sun-jre, Conectiva Updates, 2004/11/27
Immunity, Inc Advisor, Nicolas Waisman, 2004/11/26
Phpbb id: 10701 update and Attachmodule add-on Directory Traversal, zee, 2004/11/26
[Full-Disclosure] [ GLSA 200411-35 ] phpWebSite: HTTP response splitting vulnerability, Matthias Geerdsen, 2004/11/26
Java version downgrading proof-of-concept, auto333584, 2004/11/26
PnTresMailer code browser 6.03 Vulnerabilities, John Cobb, 2004/11/26
FluxBox crash vulnerability, Quith, 2004/11/26
php 4.3.7 memory limit POC exploit, Gyan chawdhary, 2004/11/26
Re: Atari800 - local root. (fwd), Petr Stehlik, 2004/11/26
MDKSA-2004:141 - Updated zip packages fix vulnerability, Mandrake Linux Security Team, 2004/11/26
MDKSA-2004:140 - Updated a2ps packages fix vulnerability, Mandrake Linux Security Team, 2004/11/26
MDKSA-2004:139 - Updated cyrus-imapd packages fix multiple vulnerabilities, Mandrake Linux Security Team, 2004/11/26
php-4.3.7 Memory Limit Vuln POC, Gyan chawdhary, 2004/11/26
Re: MSIE flaws: nested array sort() loop Stack overflow exception, isno, 2004/11/26
[Full-Disclosure] phpCMS <= 1.2.1 Xss Vulnerability, Information disclosure, Cyrille Barthelemy, 2004/11/26
Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched], Brett Moore, 2004/11/26
- RE: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched], alex cottle, 2004/11/26
- Re: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched], K-OTiK Security, 2004/11/26
[CLA-2004:899] Conectiva Security Announcement - samba, Conectiva Updates, 2004/11/26
Atari800 - local root., Adam Zabrocki, 2004/11/25
Remote buffer overflow in MailEnable IMAP service [Hat-Squad Advisory], Jerome ATHIAS, 2004/11/25
EZshopper is still vulnerable against Directory Traversal., Zero_X www.lobnan.de Team, 2004/11/25
Re: Liferay Cross Site Scripting Flaw, michael young, 2004/11/25
[Full-Disclosure] More Browser on Macosx flaws: nested array sort() loop Stack overflow exception, Marco Mella, 2004/11/25
[USN-32-1] mysql vulnerabilities, Martin Pitt, 2004/11/25
XSS in Brazilian Insite products, Carlos Ulver, 2004/11/25
STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability, advisory, 2004/11/25
- Re: STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability, Chris Withers, 2004/11/26
Re: [SIG^2 G-TEC] Prevx Home v1.0 Instrusion Prevention Features Can Be Disabled by Direct Service Table Restoration, Ralph Harvey, 2004/11/25
RE: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Sta ck overflow exception, Randal, Phil, 2004/11/25
- [Full-Disclosure] More Browser on Macosx flaws: nested array sort() loop Stack overflow exception, Marco Mella, 2004/11/25
[Full-Disclosure] [ GLSA 200411-34 ] Cyrus IMAP Server: Multiple remote vulnerabilities, Thierry Carrez, 2004/11/25
[Full-Disclosure] MSIE flaws: nested array sort() loop Stack overflow exception, Berend-Jan Wever, 2004/11/25
- [Full-Disclosure] Re: MSIE flaws: nested array sort() loop Stack overflow exception, Gadi Evron, 2004/11/26
[SIG^2 G-TEC] CMailServer WebMail v5.2 Multiple Vulnerabilities, chewkeong, 2004/11/25
[Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception, Berend-Jan Wever, 2004/11/25
- [Full-Disclosure] More Browser flaws on MACOSX: nested array sort() loop Stack overflow exception, Marco Mella, 2004/11/25
- [Full-Disclosure] Re: FIREFOX flaws: nested array sort() loop Stack overflow exception, Gadi Evron, 2004/11/25
- [Full-Disclosure] Re: FIREFOX flaws: nested array sort() loop Stack overflow exception, Gadi Evron, 2004/11/25
  - [Full-Disclosure] To anybody who's offended by my disclosure policy, Berend-Jan Wever, 2004/11/25
    - [Full-Disclosure] Re: To anybody who's offended by my disclosure policy, Gadi Evron, 2004/11/25
    - Re: [Full-Disclosure] To anybody who's offended by my disclosure policy, kf_lists, 2004/11/26
    - Re: [Full-Disclosure] To anybody who's offended by my disclosure policy, Gadi Evron, 2004/11/27
    - Re: [Full-Disclosure] To anybody who's offended by my disclosure policy, JxT, 2004/11/27
    - Re: [Full-Disclosure] To anybody who's offended by my disclosure policy, Gadi Evron, 2004/11/27
  - Re: [Full-Disclosure] Re: FIREFOX flaws: nested array sort() loop Stack overflow exception, Dragos Ruiu, 2004/11/25
    - [Full-Disclosure] MSIE & FIREFOX flaws: "detailed" advisory and comments that you probably don't want to read anyway, Berend-Jan Wever, 2004/11/26
- [Full-Disclosure] Re: FIREFOX flaws: nested array sort() loop Stack overflow exception, James Tait, 2004/11/25
- Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception, Heikki Toivonen, 2004/11/25
  - Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception, Jose Nazario, 2004/11/26
    - Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception, Heikki Toivonen, 2004/11/27
    - Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception, exon, 2004/11/29
    - Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception, Esben Stien, 2004/11/29
- Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception, Juan Carlos Navea, 2004/11/25
STG Security Advisory: [SSA-20041122-11] JSPWiki XSS vulnerability, advisory, 2004/11/25
STG Security Advisory: [SSA-20041122-09] cscope insecure temp file creation vulnerability, advisory, 2004/11/24
STG Security Advisory: [SSA-20041122-10] KorWeblog directory traversal vulnerability, advisory, 2004/11/24
[SECURITY] [DSA 596-2] New sudo packages removes debug output, Martin Schulze, 2004/11/24
Limited buffer-overflow and arbitrary memory access in Star Wars Battlefront 1.11, Luigi Auriemma, 2004/11/24
[Full-Disclosure] Buffer Overflow in Open Dc Hub 0.7.14, Donato Ferrante, 2004/11/24
[CLA-2004:896] Conectiva Security Announcement - bugzilla, Conectiva Updates, 2004/11/24
SecureCRT - Remote Command Execution, Brett Moore, 2004/11/24
[Full-Disclosure] [ GLSA 200411-33 ] TWiki: Arbitrary command execution, Sune Kloppenborg Jeppesen, 2004/11/24
[Full-Disclosure] [ GLSA 200411-32 ] phpBB: Remote command execution, Sune Kloppenborg Jeppesen, 2004/11/24
MDKSA-2004:138 - Updated XFree86 packages fix libXpm vulnerabilities, Mandrake Linux Security Team, 2004/11/24
- MDKSA-2004:138 - Updated XFree86 packages fix libXpm vulnerabilities, Mandrake Linux Security Team, 2004/11/24
Incorrect reporting of the Bofra/The Register exploit, matt, 2004/11/24
- Re: Incorrect reporting of the Bofra/The Register exploit, Florian Laws, 2004/11/24
[Full-Disclosure] Jabberd2.x remote BuffJabberd2.x remote Buffer Overflowser Overflows, icbm, 2004/11/24
Windows Mobile Pocket PC Security, kers0r, 2004/11/24
[CLA-2004:894] Conectiva Security Announcement - shadow-utils, Conectiva Updates, 2004/11/23
Sun Java Plugin arbitrary package access vulnerability, Jouko Pynnonen, 2004/11/23
- Re: Sun Java Plugin arbitrary package access vulnerability, Ken S, 2004/11/23
- [Full-Disclosure] Re: Sun Java Plugin arbitrary package access vulnerability, Alla Bezroutchko, 2004/11/25
  - Re: [Full-Disclosure] Re: Sun Java Plugin arbitrary package access vulnerability, Exchange, 2004/11/25
  - [Full-Disclosure] Rumours about Opera, Marc Schoenefeld, 2004/11/25
- Re: Sun Java Plugin arbitrary package access vulnerability, Ken S, 2004/11/25
  - Re: Sun Java Plugin arbitrary package access vulnerability, Peter Greenwood, 2004/11/25
[Full-Disclosure] [USN-31-1] cyrus21-imapd vulnerabilities, Martin Pitt, 2004/11/23
[Full-Disclosure] Broadcast memory corruption in Soldier of Fortune II 1.03, Luigi Auriemma, 2004/11/23
[Full-Disclosure] Prozilla Remote Exploit, Serkan Akpolat, 2004/11/23
Fotolog.net cross-site scripting vulnerabilities [RLSA_05-2004], Jerome ATHIAS, 2004/11/23
RE: iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrar y Package Access Vulnerability, Sherlock, Nathan, 2004/11/23
- RE: iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrar y Package Access Vulnerability, Randal, Phil, 2004/11/23
echalk vuln, kevin anonymous, 2004/11/23
Winamp - Buffer Overflow In IN_CDDA.dll, Brett Moore, 2004/11/23
MDKSA-2004:137 - Updated libxpm4 packages fix libXpm vulnerabilities, Mandrake Linux Security Team, 2004/11/23
- MDKSA-2004:137 - Updated libxpm4 packages fix libXpm vulnerabilities, Mandrake Linux Security Team, 2004/11/23
Hardware support for XP SP2 DEP not enabled by default ?, Nicolas RUFF, 2004/11/23
[Full-Disclosure] [ GLSA 200411-31 ] ProZilla: Multiple vulnerabilities, Thierry Carrez, 2004/11/23
[Full-Disclosure] IPFront - Release, Hernan Racciatti, 2004/11/23
[Full-Disclosure] [ GLSA 200411-30 ] pdftohtml: Vulnerabilities in included Xpdf, Thierry Carrez, 2004/11/23
[SIG^2 G-TEC] Prevx Home v1.0 Instrusion Prevention Features Can Be Disabled by Direct Service Table Restoration, chewkeong, 2004/11/23
- Re: [SIG^2 G-TEC] Prevx Home v1.0 Instrusion Prevention Features Can Be Disabled by Direct Service Table Restoration, dullien, 2004/11/24
iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrary Package Access Vulnerability, customer service mailbox, 2004/11/22
[Full-Disclosure] Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities, Stefan Esser, 2004/11/22
PHPKIT SQL Injection, XSS, Steve, 2004/11/22
Router ZyXEL Prestige 650 HW http remote admin., Josi, 2004/11/22
- Re: Router ZyXEL Prestige 650 HW http remote admin., Hugo van der Kooij, 2004/11/24
  - Re: Router ZyXEL Prestige 650 HW http remote admin., Laurent Papier, 2004/11/25
- Re: Router ZyXEL Prestige 650 HW http remote admin., Steve Clement, 2004/11/25
GFHost PHP GMail remote command execution exploit that achieves webserver id privileges, Jerome ATHIAS, 2004/11/22
Changes to the filesystem while find is running - comments?, James Youngman, 2004/11/22
- Re: Changes to the filesystem while find is running - comments?, Martin Buchholz, 2004/11/23
  - Re: Changes to the filesystem while find is running - comments?, Dmitry V. Levin, 2004/11/22
  - Re: Changes to the filesystem while find is running - comments?, James Youngman, 2004/11/24
    - Re: Changes to the filesystem while find is running - comments?, Martin Buchholz, 2004/11/23
    - Re: Changes to the filesystem while find is running - comments?, James Youngman, 2004/11/23
    - Re: Changes to the filesystem while find is running - comments?, Martin Buchholz, 2004/11/23
    - Re: Changes to the filesystem while find is running - comments?, devnull, 2004/11/24
    - Re: Changes to the filesystem while find is running - comments?, Casper . Dik, 2004/11/25
    - Re: Changes to the filesystem while find is running - comments?, Martin Buchholz, 2004/11/24
    - Re: Changes to the filesystem while find is running - comments?, Casper . Dik, 2004/11/24
    - Re: Changes to the filesystem while find is running - comments?, James Youngman, 2004/11/25
- Re: Changes to the filesystem while find is running - comments?, Paul Szabo, 2004/11/23
  - Re: Changes to the filesystem while find is running - comments?, James Youngman, 2004/11/24
- Re: Changes to the filesystem while find is running - comments?, Paul Szabo, 2004/11/23
  - Re: Changes to the filesystem while find is running - comments?, Martin Buchholz, 2004/11/23
- Re: Changes to the filesystem while find is running - comments?, Paul Szabo, 2004/11/24
  - Re: Changes to the filesystem while find is running - comments?, James Youngman, 2004/11/23
Broadcast client crash in Halo 1.05, Luigi Auriemma, 2004/11/22
TSLSA-2004-0061 - multi, Trustix Security Advisor, 2004/11/22
[Full-Disclosure] WeOnlyDo! COM Ftp DELUXE ActiveX Control Buffer Overflow Vulnerability, Komrade, 2004/11/22
[Full-Disclosure] CoffeeCup FTP Clients Buffer Overflow Vulnerability, Komrade, 2004/11/22
[ECL] WCI TC-IDE embedded linux vulnerabilities, ECL team, 2004/11/20
IpbProArace 2.5.x SQL injection., axl daivy, 2004/11/20
[Full-Disclosure] phpBB 2.0.10 execute command by pokleyzz <pokleyzz at scan-associates.net>, pigrelax, 2004/11/20
TWiki exploit (search.pm / CAN-2004-1037), Roman Medina-Heigl Hernandez, 2004/11/20
[ GLSA 200411-29 ] unarj: Long filenames buffer overflow and a path traversal vulnerability, Thierry Carrez, 2004/11/20
Microsoft Internet Explorer 6 SP2 Vulnerabilities / Full disclosure Vs. Security by Obscurity..., K-OTiK Security, 2004/11/20
[ GLSA 200411-28 ] X.Org, XFree86: libXpm vulnerabilities, Thierry Carrez, 2004/11/19
Corsaire Security Advisory - Netopia Timbuktu remote buffer overflow issue, advisories, 2004/11/19
[Full-Disclosure] Addendum, recent Linux <= 2.4.27 vulnerabilities, Paul Starzetz, 2004/11/19
Corsaire Security Advisory - Danware NetOp Host multiple information disclosure issues, advisories, 2004/11/19
[Full-Disclosure] Java Vulnerabilities in Opera 7.54, Marc Schoenefeld, 2004/11/19
SecurityForest - Public Release #1, loni, 2004/11/19
MDKSA-2004:136 - Updated samba packages fix remote vulnerability, Mandrake Linux Security Team, 2004/11/19
Privilege escalation flaw in AClient Service for Windows (Version 5.6.181)., Reed Arvin, 2004/11/19
EXEC exploit in phpBB - new release, Paul S. Owen, 2004/11/19
Zone Labs Security Advisory: Ad-Blocking Instability, Zone Labs Product Security, 2004/11/19
Zone Labs Ad-Blocking Instability, Nicolas Robillard, 2004/11/19
SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit, Jérôme ATHIAS, 2004/11/19
- Re: SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit, security curmudgeon, 2004/11/20
- Re: SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit, Jerome ATHIAS, 2004/11/20
[Full-Disclosure] Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch., broeker, 2004/11/19
Privilege escalation in Mailtraq Version 2.6.1.1677., Reed Arvin, 2004/11/19
Inofficial updates to 758884/NISCC/DNS, Roy Arends, 2004/11/19
[CLA-2004:892] Conectiva Security Announcement - MySQL, Conectiva Updates, 2004/11/19
Apache 2.0.52 DoS Exploit v2, Daniel Guido, 2004/11/19
A Brief Analysis of Bofra/MyDoom.AG/AH, Bryan Burns, 2004/11/19
[CLA-2004:890] Conectiva Security Announcement - libxml2, Conectiva Updates, 2004/11/19
[Full-Disclosure] [USN-30-1] Linux kernel vulnerabilities, Martin Pitt, 2004/11/18
[Full-Disclosure] University Researchers Challenge Bush Win In Florida, Jason Coombs, 2004/11/18
- Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida, Paul Schmehl, 2004/11/19
  - Re: [Full-Disclosure] University Researchers Challenge Bush Win InFlorida, Bart . Lansing, 2004/11/20
    - Re: [Full-Disclosure] University Researchers Challenge Bush Win InFlorida, Paul Schmehl, 2004/11/21
    - Re: [Full-Disclosure] University Researchers Challenge Bush Win InFlorida, Valdis . Kletnieks, 2004/11/22
    - Re: [Full-Disclosure] University Researchers Challenge Bush Win InFlorida, Paul Schmehl, 2004/11/22
  - Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida, Daniel Veditz, 2004/11/20
    - Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida, Paul Schmehl, 2004/11/21
    - Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida, bkfsec, 2004/11/22
    - Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida, J.A. Terranson, 2004/11/23
    - Message not available
    - Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida, Stef, 2004/11/21
    - Re: [Full-Disclosure] University Researchers Challenge Bush Win In Florida, vord, 2004/11/21
- RE: [Full-Disclosure] University Researchers Challenge Bush Win In Florida, Cupps, James, 2004/11/22
[Full-Disclosure] [ GLSA 200411-27 ] Fcron: Multiple vulnerabilities, Luke Macken, 2004/11/18
- [Full-Disclosure] [ GLSA 200411-27 ] Fcron: Multiple vulnerabilities, lewk, 2004/11/20
Buffer overlow in DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 and prior versions., Reed Arvin, 2004/11/18
[MaxPatrol] SQL-injection in Invision Power Board 2.x, Alexander Anisimov, 2004/11/18
EXEC exploit in phpBB - fix, Paul S. Owen, 2004/11/18
- RE: EXEC exploit in phpBB - fix, Ron Brinker, 2004/11/19
FreeBSD Security Advisory FreeBSD-SA-04:16.fetch, FreeBSD Security Advisories, 2004/11/18
- FreeBSD Security Advisory FreeBSD-SA-04:16.fetch, security-advisories, 2004/11/19
AppServ 2.5.x and Prior Exploit, saudi linux, 2004/11/18
[Full-Disclosure] [USN-29-1] samba vulnerability, Martin Pitt, 2004/11/18
Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.), Jerome ATHIAS, 2004/11/18
- Re: Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.), Rafael San Miguel Carrasco, 2004/11/18
- Re: Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.), Robert Hetzler, 2004/11/18
SUSE Security Announcement: xshared, XFree86-libs, xorg-x11-libs (SUSE-SA:2004:041), Thomas Biege, 2004/11/18
MDKSA-2004:133 - Updated sudo packages fix vulnerability, Mandrake Linux Security Team, 2004/11/17
[ GLSA 200411-26 ] GIMPS, SETI@home, ChessBrain: Insecure installation, Sune Kloppenborg Jeppesen, 2004/11/17
RE: [Full-Disclosure] RE: Airport x-ray software creating images of phantom weapons?, Esler, Joel - Contractor, 2004/11/17
MDKSA-2004:134 - Updated apache packages fix buffer overflow in mod_include, Mandrake Linux Security Team, 2004/11/17
[Full-Disclosure] [USN-28-1] sudo vulnerability, Martin Pitt, 2004/11/17
RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch., rexolab, 2004/11/17
- [Full-Disclosure] Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch., Hans-Bernhard Broeker, 2004/11/18
  - [Full-Disclosure] Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch., rexolab, 2004/11/18
MDKSA-2004:132 - Updated gd packages fix integer overflows, Mandrake Linux Security Team, 2004/11/17
Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities, Stefan Esser, 2004/11/17
[USN-27-1] libxpm4 vulnerability, Martin Pitt, 2004/11/17
MDKSA-2004:135 - Updated apache2 packages fix request DoS, Mandrake Linux Security Team, 2004/11/17
[Full-Disclosure] Click and Build eCommerce Platform Cross Site Scripting, Andrew Smith, 2004/11/17
[Full-Disclosure] [USN-26-1] bogofilter vulnerability, Martin Pitt, 2004/11/17
[Full-Disclosure] [ GLSA 200411-25 ] SquirrelMail: Encoded text XSS vulnerability, Sune Kloppenborg Jeppesen, 2004/11/17
[ GLSA 200411-23 ] Ruby: Denial of Service issue, Thierry Carrez, 2004/11/17
TSLSA-2004-0058 - multi, Trustix Security Advisor, 2004/11/16
[waraxe-2004-SA#038 - Multiple vulnerabilities in Event Calendar module for PhpNuke], Janek Vind, 2004/11/16
Flaws in SP2 security features, part II, Juergen Schmidt, 2004/11/16
[SECURITY] [DSA 593-1] New imagemagick packages fix arbitrary code execution, Martin Schulze, 2004/11/16
[Full-Disclosure] [ GLSA 200411-24 ] BNC: Buffer overflow vulnerability, Sune Kloppenborg Jeppesen, 2004/11/16
[Full-Disclosure] Skype callto:// BoF technical details, Berend-Jan Wever, 2004/11/16
- [Full-Disclosure] Re: Skype callto:// BoF technical details, Fabian Becker, 2004/11/17
  - [Full-Disclosure] Re: Skype callto:// BoF technical details, Berend-Jan Wever, 2004/11/16
[Full-Disclosure] Airport x-ray software creating images of phantom weapons?, Jason Coombs, 2004/11/16
- Re: [Full-Disclosure] Airport x-ray software creating images of phantom weapons?, David Maxwell, 2004/11/16
- [Full-Disclosure] Re: Airport x-ray software creating images of phantom weapons?, James Davis, 2004/11/17
- [Full-Disclosure] RE: Airport x-ray software creating images of phantom weapons?, David D.W. Downey, 2004/11/17
- Re: [Full-Disclosure] Airport x-ray software creating images of phantom weapons?, Valdis . Kletnieks, 2004/11/17
- [Full-Disclosure] Re: Airport x-ray software creating images of phantom weapons?, Joel Merrick, 2004/11/18
  - Re: [Full-Disclosure] Re: Airport x-ray software creating images of phantom weapons?, Valdis . Kletnieks, 2004/11/19
    - Re: [Full-Disclosure] Re: Airport x-ray software creating images of phantom weapons?, Adam Jacob Muller, 2004/11/20
Google Desktop Search ignores Preferences, Elliott Bäck, 2004/11/16
[Full-Disclosure] The true story of TWiki vuln (exploit included), Roman Medina-Heigl Hernandez, 2004/11/15
SUSE Security Announcement: samba (SUSE-SA:2004:040), Marcus Meissner, 2004/11/15
[USN-25-1] libgd2 vulnerability, Martin Pitt, 2004/11/15
iDEFENSE Security Advisory 11.15.04: Multiple Security Vulnerabilities in Fcron, customer service mailbox, 2004/11/15
[SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd, Gerald (Jerry) Carter, 2004/11/15
[SNS Advisory No.79] A Possibility of Cookie Overwrite in Microsoft Internet Explorer, Jirtme, 2004/11/15
Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow, Stefan Esser, 2004/11/15
XSS in TheFaceBook round 2, Alex Lanstein, 2004/11/15
Multiple vulnerabilities in Hired Team: Trial (Shine engine), Luigi Auriemma, 2004/11/15
[Full-Disclosure] Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow, Stefan Esser, 2004/11/14
[Full-Disclosure] Format string bug in Army Men RTS, Luigi Auriemma, 2004/11/14
- [Full-Disclosure] Re: Format string bug in Army Men RTS, Manowar, 2004/11/15
Multiple XSS holes in TheFaceBook, Alex Lanstein, 2004/11/13
SQL Injection in phpBT (bug.php) add project, jessica soules, 2004/11/13
SQL Injection in phpBT (bug.php - Add), J�r�me, 2004/11/13
IPSwitch-IMail-8.13 Stack Overflow in the DELETE Command, J�r�me, 2004/11/13
Eudora 6.2 attachment spoof, Paul Szabo, 2004/11/13
- [Full-Disclosure] Re: Eudora 6.2 attachment spoof, Steve Dorner, 2004/11/15
[Full-Disclosure] TWiki search function allows arbitrary shell command execution, Hans Ulrich Niedermann, 2004/11/12
- Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution, Florian Weimer, 2004/11/16
Fw: Will you lot PISS OFF? (Re: [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked), Matt . Carpenter, 2004/11/12
[Full-Disclosure] RE: Contact in HP related to OpenView / Coda, Arndt . WA, 2004/11/12
- Re: [Full-Disclosure] RE: Contact in HP related to OpenView / Coda, kf_lists, 2004/11/13
phpBB Code EXEC (v2.0.10), jessica soules, 2004/11/12
SQL Injection in phpBT (bug.php), jessica soules, 2004/11/12
Crash in Secure Network Messenger 1.4.2, Luigi Auriemma, 2004/11/12
- [Full-Disclosure] Re: Crash in Secure Network Messenger 1.4.2, r`Futile, 2004/11/13
Sudo version 1.6.8p2 now available (fwd), je, 2004/11/12
Vulnerability not with vBulletin, Kier Darby, 2004/11/12
Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems, Gregory Duchemin, 2004/11/12
- Re: Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems, 3APA3A, 2004/11/13
  - Re: Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems, Gregory Duchemin, 2004/11/13
Unofficial Internet Explorer FRAME/IFRAME fix, Thomas Rogg, 2004/11/12
[Full-Disclosure] [USN-23-1] apache2 vulnerability, Martin Pitt, 2004/11/12
[CLA-2004:889] Conectiva Security Announcement - sasl2, Conectiva Updates, 2004/11/12
[Full-Disclosure] [USN-24-1] openssl script vulnerability, Martin Pitt, 2004/11/12
security hole (http response splitting) in phpwebsite, Maestro De-Seguridad, 2004/11/11
[waraxe-2004-SA#037 - Sql injection bug in Phorum 5.0.12 and older versions], Janek Vind, 2004/11/11
[ GLSA 200411-22 ] Davfs2, lvm-user: Insecure tempfile handling, Sune Kloppenborg Jeppesen, 2004/11/11
[Full-Disclosure] [ GLSA 200411-21 ] Samba: Remote Denial of Service, Matthias Geerdsen, 2004/11/11
Zone Labs IMsecure Active Link Filter Bypass, Kurczaba Associates advisories, 2004/11/11
[Full-Disclosure] Contact in HP related to OpenView / Coda, Noam Rathaus, 2004/11/11
SQL injection in vBulletin forums (last10.php), Dr. Death, 2004/11/11
[Full-Disclosure] [ GLSA 200411-20 ] ez-ipupdate: Format string vulnerability, Sune Kloppenborg Jeppesen, 2004/11/11
[Full-Disclosure] RE: Norton AntiVirus Script Blocking Exploit -- Symantec's response, Daniel Milisic, 2004/11/11
- Re: [Full-Disclosure] RE: Norton AntiVirus Script Blocking Exploit -- Symantec's response, Jeff Donahue, 2004/11/11
Hotfoon Ver 4.0 Highv Risk, saudi linux, 2004/11/11
[SquirrelMail Security Advisory] Cross Site Scripting in encoded text, Jonathan Angliss, 2004/11/10
RE: [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Carlos Kramer, 2004/11/10
- RE: [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Larry Seltzer, 2004/11/11
- [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Matthew Farrenkopf, 2004/11/11
[Full-Disclosure] [ GLSA 200411-19 ] Pavuk: Multiple buffer overflows, Luke Macken, 2004/11/10
04WebServer Three Vulnerabilities, J�r�me, 2004/11/10
- Re: 04WebServer Three Vulnerabilities, chewkeong, 2004/11/15
Re: Nortel Networks Contivity VPN Client information leakage vulnerability, Quincy Jackson, 2004/11/10
Unsecure Ftpd on HP PSC 2510 Printer, Justin Rush, 2004/11/10
- Re: Unsecure Ftpd on HP PSC 2510 Printer, Lawrence MacIntyre, 2004/11/12
  - Re: Unsecure Ftpd on HP PSC 2510 Printer, KF_lists, 2004/11/12
    - Re: Unsecure Ftpd on HP PSC 2510 Printer, Lawrence MacIntyre, 2004/11/12
    - Re: Unsecure Ftpd on HP PSC 2510 Printer, KF_lists, 2004/11/12
    - Re: Unsecure Ftpd on HP PSC 2510 Printer, Lawrence MacIntyre, 2004/11/12
BNC 2.8.9 remote buffer overflow, LSS Security, 2004/11/10
Multiple Vulnerabilities in WebCalendar, Joxean Koret, 2004/11/10
[Full-Disclosure] [ GLSA 200411-18 ] Apache 2.0: Denial of Service by memory consumption, Matthias Geerdsen, 2004/11/10
[Full-Disclosure] Security Contact Info for IPSWITCH, Tom, 2004/11/10
- [Full-Disclosure] Re: Security Contact Info for IPSWITCH, Sullo, 2004/11/10
[Full-Disclosure] Nortel Networks Contivity VPN Client information leakage vulnerability, Network Intelligence (I) Pvt. Ltd., 2004/11/10
[Full-Disclosure] Linux ELF loader vulnerabilities, Paul Starzetz, 2004/11/10
- [Full-Disclosure] Re: Linux ELF loader vulnerabilities, Ted Percival, 2004/11/11
  - Re: [Full-Disclosure] Re: Linux ELF loader vulnerabilities, Jirka Kosina, 2004/11/11
- [Full-Disclosure] Re: Linux ELF loader vulnerabilities, Pavel Kankovsky, 2004/11/11
- [Full-Disclosure] Re: Linux ELF loader vulnerabilities, Jirka Kosina, 2004/11/12
EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service, Marc Maiffret, 2004/11/09
[Full-Disclosure] [USN-21-1] libgd vulnerabilities, Martin Pitt, 2004/11/09
[Full-Disclosure] [USN-22-1] samba vulnerability, Martin Pitt, 2004/11/09
Vulnerabilities in JAF CMS, [ echo|staff ]@securityfocus.com@www.securityfocus.com, 2004/11/09
Re: Update: Web browsers - a mini-farce (MSIE gives in), Heikki Kortti, 2004/11/09
[Full-Disclosure] [ GLSA 200411-17 ] mtink: Insecure tempfile handling, Sune Kloppenborg Jeppesen, 2004/11/09
[Full-Disclosure] [ GLSA 200411-16 ] zip: Path name buffer overflow, Sune Kloppenborg Jeppesen, 2004/11/09
BoF in Windows 2000: ddeshare.exe, Jack C, 2004/11/09
- [Full-Disclosure] Re: BoF in Windows 2000: ddeshare.exe, Berend-Jan Wever, 2004/11/09
- Re: BoF in Windows 2000: ddeshare.exe, Valdis . Kletnieks, 2004/11/10
  - Re: BoF in Windows 2000: ddeshare.exe, J. S. Connell, 2004/11/10
[Full-Disclosure] New MaxPatrol Demo Available, pigrelax, 2004/11/09
Re: New URL spoofing bug in Microsoft Internet Explorer, roozbeh afrasiabi, 2004/11/09
- Re: New URL spoofing bug in Microsoft Internet Explorer, q q, 2004/11/17
  - Re: New URL spoofing bug in Microsoft Internet Explorer, GuidoZ, 2004/11/17
- Re: New URL spoofing bug in Microsoft Internet Explorer, http-equiv@excite.com , 2004/11/11
- RE: New URL spoofing bug in Microsoft Internet Explorer, Michael Silk, 2004/11/18
Re: [HV-LOW] Symantec LiveUpdate issues may cause DoS, secure, 2004/11/09
MDKSA-2004:128 - Updated ruby packages fix remote DoS vulnerability, Mandrake Linux Security Team, 2004/11/09
Evidence Mounts that the Vote Was Hacked, Atom 'Smasher', 2004/11/09
- Re: Evidence Mounts that the Vote Was Hacked, Jay D. Dyson, 2004/11/10
  - [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Jei, 2004/11/10
    - [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Tom Le, 2004/11/10
    - [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Kluge, 2004/11/10
    - [Full-Disclosure] RE: Evidence Mounts that the Vote Was Hacked, Gary Halleen \(ghalleen\), 2004/11/10
    - Re: [Full-Disclosure] RE: Evidence Mounts that the Vote Was Hacked, Adam Jacob Muller, 2004/11/11
    - RE: [Full-Disclosure] RE: Evidence Mounts that the Vote Was Hacked, Larry Seltzer, 2004/11/11
    - Re: [Full-Disclosure] RE: Evidence Mounts that the Vote Was Hacked, Adam Jacob Muller, 2004/11/12
    - [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Keith Oxenrider, 2004/11/10
    - [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Jay D. Dyson, 2004/11/10
    - [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Keith Oxenrider, 2004/11/11
    - [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Michael Poole, 2004/11/10
    - [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Jay D. Dyson, 2004/11/10
    - [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Matt . Carpenter, 2004/11/11
    - Re: [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Valdis . Kletnieks, 2004/11/11
    - Re: [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Matt . Carpenter, 2004/11/12
    - Re: [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Paul Schmehl, 2004/11/12
    - Re: [Full-Disclosure] Re: Evidence Mounts that the Vote Was Hacked, Valdis . Kletnieks, 2004/11/12
  - Re: Evidence Mounts that the Vote Was Hacked, bkfsec, 2004/11/10
    - Re: Evidence Mounts that the Vote Was Hacked, Jake Appelbaum, 2004/11/12
  - Re: Evidence Mounts that the Vote Was Hacked, Rick Crelia, 2004/11/11
  - Re: Evidence Mounts that the Vote Was Hacked, Atom 'Smasher', 2004/11/11
  - Re: Evidence Mounts that the Vote Was Hacked, Peter Conrad, 2004/11/11
    - Re: Evidence Mounts that the Vote Was Hacked, Jay D. Dyson, 2004/11/10
- RE: Evidence Mounts that the Vote Was Hacked, David Hayden, 2004/11/11
[CLA-2004:886] Conectiva Security Announcement - xpdf, Conectiva Updates, 2004/11/09
[CLA-2004:888] Conectiva Security Announcement - libtiff3, Conectiva Updates, 2004/11/09
Re: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)), Menashe Eliezer, 2004/11/09
[Full-Disclosure] Security Contact for T-Mobile?, Jake Appelbaum, 2004/11/08
[Full-Disclosure] [USN-20-1] Ruby CGI module vulnerability, Martin Pitt, 2004/11/08
up-imapproxy DoS vulnerabilities, Timo Sirainen, 2004/11/08
Offline WPA-PSK auditing tool (coWPAtty), Joshua Wright, 2004/11/08
Microsoft Internet Explorer permits to examine the existence of local files, Benjamin Tobias Franz, 2004/11/08
DOS against Java JNDI/DNS, Kurt Huwig, 2004/11/08
[SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability in Samba 3.0.x <= 3.0.7, Gerald (Jerry) Carter, 2004/11/08
[Full-Disclosure] TRUSTe.org Cross-Site-Scripting Phishing oppurtunities, Andrew Smith, 2004/11/08
Retina Vuln Scanner Problems., Robinson, Sonja, 2004/11/08
[Full-Disclosure] MSIE src&name property disclosure, Berend-Jan Wever, 2004/11/08
- Re: [Full-Disclosure] MSIE src&name property disclosure, Michal Zalewski, 2004/11/08
  - Re: [Full-Disclosure] MSIE src&name property disclosure, Dave Aitel, 2004/11/08
    - Re: [Full-Disclosure] MSIE src&name property disclosure, Gadi Evron, 2004/11/08
    - RE: [Full-Disclosure] MSIE src&name property disclosure, joe, 2004/11/15
    - Re: [Full-Disclosure] MSIE src&name property disclosure, Dave Aitel, 2004/11/15
    - RE: [Full-Disclosure] MSIE src&name property disclosure, joe, 2004/11/15
  - Re: [Full-Disclosure] MSIE src&name property disclosure, Paul Schmehl, 2004/11/08
    - Re: [Full-Disclosure] MSIE src&name property disclosure, Michal Zalewski, 2004/11/08
[Full-Disclosure] [ GLSA 200411-15 ] OpenSSL, Groff: Insecure tempfile handling, Thierry Carrez, 2004/11/08
[Full-Disclosure] [ GLSA 200411-14 ] Kaffeine, gxine: Remotely exploitable buffer overflow, Luke Macken, 2004/11/07
[Full-Disclosure] [ GLSA 200411-13 ] Portage, Gentoolkit: Temporary file vulnerabilities, Sune Kloppenborg Jeppesen, 2004/11/07
[Full-Disclosure] [ GLSA 200411-12 ] zgv: Multiple buffer overflows, Luke Macken, 2004/11/07
[USN-19-1] squid vulnerabilities, Martin Pitt, 2004/11/06
[ GLSA 200411-11 ] ImageMagick: EXIF buffer overflow, Sune Kloppenborg Jeppesen, 2004/11/06
Resources consumption in 602 Lan Suite 2004.0.04.0909, Luigi Auriemma, 2004/11/06
[Full-Disclosure] [ GLSA 200411-10 ] Gallery: Cross-site scripting vulnerability, Luke Macken, 2004/11/06
[Full-Disclosure] UPDATE: [ GLSA 200410-20 ] Xpdf, CUPS: Multiple integer overflows, Thierry Carrez, 2004/11/06
[Full-Disclosure] UPDATE: [ GLSA 200410-30 ] GPdf, KPDF, KOffice: Vulnerabilities in included xpdf, Thierry Carrez, 2004/11/06
Making distinctions between similar-looking vulnerabilities, Steven M. Christey, 2004/11/05
TSLSA-2004-0056 - apache, Trustix Security Advisor, 2004/11/05
SSC Advisory TSA-053 (Ureach.com), Secure Science Corporation Advisory Notice, 2004/11/05
FW: Hacker Group back again, this time claiming to have source code to Cisco PIX firewall, Graham, Brian, 2004/11/05
Multiple vulnerabilities in Icewarp Web Mail 5.2.8 : New face of old problems., ShineShadow, 2004/11/05
MDKSA-2004:127 - Updated libxml and libxml2 packages fix multiple vulnerabilities, Mandrake Linux Security Team, 2004/11/05
MDKSA-2004:126 - Updated shadow-utils packages fix security bypass vulnerability, Mandrake Linux Security Team, 2004/11/05
[Full-Disclosure] [USN-18-1] zip vulnerability, Martin Pitt, 2004/11/05
MDKSA-2004:125 - Updated iptables packages fix vulnerability, Mandrake Linux Security Team, 2004/11/05
[Full-Disclosure] In-game format string bug in the Lithtech engine, Luigi Auriemma, 2004/11/05
[Full-Disclosure] HTTP : Linux, Rusia, Cisco, Open Wall, etc, Richard Tan, 2004/11/05
[Full-Disclosure] [FLSA-2004:2076] Updated foomatic package fixes security vulnerability, Marc Deslauriers, 2004/11/05
[Full-Disclosure] [USN-17-1] passwd vulnerability, Martin Pitt, 2004/11/04
[Full-Disclosure] [HV-LOW] Symantec LiveUpdate issues may cause DoS, vuln, 2004/11/04
MDKSA-2004:124 - Updated xorg-x11 packages fix libXpm overflow vulnerabilities, Mandrake Linux Security Team, 2004/11/04
SSC Advisory TSA-052 (Callwave.com), Secure Science Corporation Advisory Notice, 2004/11/04
- SSC Advisory TSA-052 (Callwave.com), Secure Science Corporation Advisory Notice, 2004/11/04
[Full-Disclosure] [ GLSA 200411-09 ] shadow: Unauthorized modification of account information, Matthias Geerdsen, 2004/11/04
- Re: [ GLSA 200411-09 ] shadow: Unauthorized modification of account information, Solar Designer, 2004/11/04
[Full-Disclosure] Cross-Site-Scripting Vulnerability in Microsoft.com, Rafel Ivgi, The-Insider, 2004/11/04
- Re: [Full-Disclosure] Cross-Site-Scripting Vulnerability in Microsoft.com, offtopic, 2004/11/05
[CLA-2004:883] Conectiva Security Announcement - subversion, Conectiva Updates, 2004/11/04
[CLA-2004:884] Conectiva Security Announcement - gaim, Conectiva Updates, 2004/11/04
[CLA-2004:885] Conectiva Security Announcement - apache, Conectiva Updates, 2004/11/04
[Full-Disclosure] Norton AntiVirus 2004/2005 Scripting Vulnerability Pt.3 (Includes PoC VBScript Code), Daniel Milisic, 2004/11/03
- Re: [Full-Disclosure] Norton AntiVirus 2004/2005 Scripting Vulnerability Pt.3 (Includes PoC VBScript Code), 3APA3A, 2004/11/04
  - Re: [Full-Disclosure] Norton AntiVirus 2004/2005 Scripting Vulnerability Pt.3 (Includes PoC VBScript Code), GuidoZ, 2004/11/04
[Full-Disclosure] [HV-MED] Zip/Linux long path buffer overflow, vuln, 2004/11/03
- Re: [Full-Disclosure] [HV-MED] Zip/Linux long path buffer overflow, Martin Pitt, 2004/11/05
  - Re: [Full-Disclosure] [HV-MED] Zip/Linux long path buffer overflow, Josh Bressers, 2004/11/05
[Full-Disclosure] [ GLSA 200411-08 ] GD: Integer overflow, Thierry Carrez, 2004/11/03
[CLA-2004:882] Conectiva Security Announcement - squid, Conectiva Updates, 2004/11/03
[Full-Disclosure] [ GLSA 200411-07 ] Proxytunnel: Format string vulnerability, Thierry Carrez, 2004/11/03
[Full-Disclosure] [USN-16-1] perl vulnerabilities, Martin Pitt, 2004/11/02
[Hat-Squad] SQL injection and XSS Vulnerabilities in HELM, Hat-Squad Security Team, 2004/11/02
URL spoofing bug (with iframes) in Microsoft Internet Explorer (11/02/2004), Benjamin Tobias Franz, 2004/11/02
Microsoft ISA Server Authentication Bypassing, J�r�me, 2004/11/02
- RE: Microsoft ISA Server Authentication Bypassing, Jim Harrison (ISA), 2004/11/03
Re: debian dhcpd, old format string bug, Javier Fernandez-Sanguino, 2004/11/02
- Re: debian dhcpd, old format string bug, Martin Schulze, 2004/11/05
[Full-Disclosure] ERRATA: [ GLSA 200411-01 ] ppp: No denial of service vulnerability, Luke Macken, 2004/11/02
MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) (fwd), Michal Zalewski, 2004/11/02
MDKSA-2004:123 - Updated perl-MIME-tools packages fix vulnerability, Mandrake Linux Security Team, 2004/11/02
[VulnWatch] Multiple Vulnerabilities in Web Forums Server, R00tCr4ck, 2004/11/02
MDKSA-2004:122 - Updated mod_ssl packages fix information disclosure vulnerability, Mandrake Linux Security Team, 2004/11/02
MDKSA-2004:121 - Updated netatalk packages fix temporary file vulnerability, Mandrake Linux Security Team, 2004/11/02
[Full-Disclosure] [ GLSA 200411-06 ] MIME-tools: Virus detection evasion, Thierry Carrez, 2004/11/02
MDKSA-2004:120 - Updated mpg123 packages fix vulnerability, Mandrake Linux Security Team, 2004/11/02
MDKSA-2004:119 - Updated MySQL packages fix multiple vulnerabilities, Mandrake Linux Security Team, 2004/11/02
MDKSA-2004:118 - Updated perl-Archive-Zip packages fix vulnerability, Mandrake Linux Security Team, 2004/11/02
[Full-Disclosure] [ GLSA 200411-05 ] libxml2: Remotely exploitable buffer overflow, Thierry Carrez, 2004/11/02
MDKSA-2004:117 - Updated gaim packages fix vulnerability, Mandrake Linux Security Team, 2004/11/02
zlib 1.2.2 released, Mark Adler, 2004/11/02
- zlib 1.2.2 released, Mark Adler, 2004/11/02
Exploiting default exception handler to increase exploit stability on win32, tal zeltzer, 2004/11/02
Medium Risk Vulnerability in WinRAR, NGSSoftware Insight Security Research, 2004/11/02
Rv: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)), Elia Florio, 2004/11/02
- Re: Rv: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)), Mihai Novitchi, 2004/11/02
- Rv: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)), Elia Florio, 2004/11/02
[Full-Disclosure] [ GLSA 200411-04 ] Speedtouch USB driver: Privilege escalation vulnerability, Luke Macken, 2004/11/02
[Full-Disclosure] [ GLSA 200411-03 ] Apache 1.3: Buffer overflow vulnerability in mod_include, Matthias Geerdsen, 2004/11/02
[CLA-2004:881] Conectiva Security Announcement - rsync, Conectiva Updates, 2004/11/02
Internet Explorer HTML Help Control ActiveX Cross Domain/Zone Scripting Vulnerabilities, roozbeh afrasiabi, 2004/11/02
Safari vulnerable to URL spoofing, Gilbert Verdian, 2004/11/02
TSLSA-2004-0055 - multi, Trustix Security Advisor, 2004/11/02
[Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)), Berend-Jan Wever, 2004/11/01
- Re: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)), morning_wood, 2004/11/02
[Full-Disclosure] [USN-15-1] lvm10 vulnerability, Martin Pitt, 2004/11/01
[USN-10-1] XML library vulnerabilities, Martin Pitt, 2004/11/01
Re: Critical Vulnerability in Altiris Deployment Server architecture, Brian Gallagher, 2004/11/01
p h i s h i n g p h o r p h u n p h o r p h u q u e s a k e, http-equiv@excite.com , 2004/11/01
[Full-Disclosure] [ GLSA 200411-02 ] Cherokee: Format string vulnerability, Sune Kloppenborg Jeppesen, 2004/11/01
Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?, Anton R Ivanov, 2004/11/01
- Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?, Henning Brauer, 2004/11/02
[Full-Disclosure] [USN-13-1] groff utility vulnerability, Martin Pitt, 2004/11/01
[Full-Disclosure] [USN-14-1] xpdf vulnerabilities, Martin Pitt, 2004/11/01
[Full-Disclosure] [ GLSA 200411-01 ] ppp: Remote denial of service vulnerability, Luke Macken, 2004/11/01
- [Full-Disclosure] Re: [ GLSA 200411-01 ] ppp: Remote denial of service vulnerability, Paul Mackerras, 2004/11/01
New Whitepaper - "Second-order Code Injection Attacks", Gunter Ollmann, 2004/11/01
- Re: New Whitepaper - "Second-order Code Injection Attacks", Crispin Cowan, 2004/11/02
  - Re: New Whitepaper - "Second-order Code Injection Attacks", Jeff Williams, 2004/11/02
    - RE: New Whitepaper - "Second-order Code Injection Attacks", Gunter Ollmann (NGS), 2004/11/05
- Re: New Whitepaper - "Second-order Code Injection Attacks", Nicolas Gregoire, 2004/11/03
- RE: New Whitepaper - "Second-order Code Injection Attacks", Gunter Ollmann (NGS), 2004/11/02
- RE: New Whitepaper - "Second-order Code Injection Attacks", Gunter Ollmann (NGS), 2004/11/05
[Full-Disclosure] XDICT Buffer OverRun Vulnerability,funny :-), Sowhat ., 2004/11/01