Network Security Archives

Vulnerability Development (date)

[Thread Index] [Top] [All Lists]

December 31, 2004

Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC, Steve Friedl, 16:24
WHM AutoPilot Security Release [ Plus Upgrade Instructions ], GulfTech Security, 16:24
[SECURITY] [DSA 621-1] New CUPS packages fix arbitrary code execution, Martin Schulze, 16:04
Cross Site Scripting DOS (Zyxel B-420 Ethernet Bridge), beniwiedmer, 16:04
Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC, Alberto Garcia Hierro, 15:54
Bluetooth: BlueSnarf and BlueBug Full Disclusore, Adam Laurie, 15:24
ArGoSoft FTP Server reveals valid usernames and allows for brute force attacks, steven, 15:04
[EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC, houseofdabus HOD, 14:53
SQL Injection Vulnerability In IBProArcade, mike bailey, 14:43

December 30, 2004

MDKSA-2004:166 - Updated tetex packages fix multiple vulnerabilities, Mandrake Linux Security Team, 21:26
Re: Sanity Worm Concepts, Paul Laudanski, 21:16
Re: Multiple Vulnerabilities in Moodle, Martin Dougiamas, 20:16
MDKSA-2004:162 - Updated gpdf packages fix buffer overflow vulnerability, Mandrake Linux Security Team, 18:25
Re: Strange Java Loader (not so strange - Trojan.ByteVerify), K-OTiK Security, 18:05
Strange Java Loader, duffbeer, 17:55
MDKSA-2004:165 - Updated koffice packages fix multiple vulnerabilities, Mandrake Linux Security Team, 17:45
MDKSA-2004:163 - Updated kdegraphics packages fix buffer overflow vulnerability, Mandrake Linux Security Team, 17:04
MDKSA-2004:159 - Updated glibc packages fix temporary file vulnerability, Mandrake Linux Security Team, 16:14
MDKSA-2004:164 - Updated cups packages fix buffer overflow vulnerability, Mandrake Linux Security Team, 15:44
[SECURITY] [DSA 619-1] New xpdf packages fix arbitrary code execution, Martin Schulze, 15:14
NetCat V 1.11 Multiple Bugs, CorryL, 15:03
KorWeblog php injection Vulnerability, Min-sung Choi, 14:53
MDKSA-2004:161 - Updated xpdf packages fix buffer overflow vulnerability, Mandrake Linux Security Team, 14:53
MDKSA-2004:160 - Updated kdelibs packages fix konqueror email vulnerability, Mandrake Linux Security Team, 14:43
[SECURITY] [DSA 620-1] New perl packages fix several vulnerabilities, Martin Schulze, 14:33
[Full-Disclosure] [ GLSA 200412-27 ] PHProjekt: Remote code execution vulnerability, Thierry Carrez, 12:42
Re: [Full-Disclosure] Again: zone transfers, a spammer's dream?, xyberpix, 09:01

December 29, 2004

[Full-Disclosure] Re: Fwd: Re: [USN-52-1] vim vulnerability, Ciaran McCreesh, 21:26
[Full-Disclosure] Heap overflow in Mozilla Browser <= 1.7.3 NNTP code., Maurycy Prodeus, 20:56
[ GLSA 200412-24 ] Xpdf, GPdf: New integer overflows, Thierry Carrez, 20:56
Heap overflow in Mozilla Browser <= 1.7.3 NNTP code., Maurycy Prodeus, 20:46
Re: [Full-Disclosure] Again: zone transfers, a spammer's dream?, Jorrit Kronjee, 17:55
[CLA-2004:909] Conectiva Security Announcement - netpbm, Conectiva Updates, 16:24
Re: [Full-Disclosure] Re: new phpBB worm affects 2.0.11, Paul Laudanski, 16:14
Re: Did a 16-bit counter overflow shut down Comair?, Avleen Vig, 16:04
php-Calendar File Include Vulnerability [ Command Exec ], GulfTech Security, 15:54
Re: Did a 16-bit counter overflow shut down Comair?, Mike Nice, 15:44
Sanity Worm Concepts, Andy Fewtrell, 15:34
QNX crrtrap arbitrary file read/write vulnerability [RLSA_06-2004], Julio Cesar Fort, 15:24
Re: [Full-Disclosure] Re: New Santy-Worm attacks *all* PHP-skripts, Paul Laudanski, 15:24
[Full-Disclosure] [USN-53-1] imlib vulnerabilities, Martin Pitt, 11:32
[Full-Disclosure] DJB's contest (repost after being moderated on BGTQ), support, 10:32
[Full-Disclosure] AOL website redirection scripts allow for abuse, Michel Blomgren, 05:40
[Full-Disclosure] Re: Windows (XP SP2) Remote code execution with parameters, ShredderSub7, 01:38

December 28, 2004

Re: Microsoft Windows LoadImage API IntegerBuffer overflow, Berend-Jan Wever, 21:06
KDE Security Advisory: kpdf Buffer Overflow Vulnerability, Dirk Mueller, 20:16
Re: [HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc included, Chris Wysopal, 19:56
XSA-2004-7: stack overflow in AIFF demultiplexer, Michael Roitzsch, 19:05
Netcat v1.11 For Windows , New fixed version, Hat-Squad Security Team, 18:35
Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability, Marcus Meissner, 16:04
[HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc included, Hat-Squad Security Team, 15:44
Remote code execution with parameters withoutu ser interaction, even with XP SP2, ShredderSub7 SecExpert, 15:14
Did a 16-bit counter overflow shut down Comair?, Richard M. Smith, 15:04
Multiple WHM Autopilot Vulnerabilities, GulfTech Security, 15:04
possible error in latest NGS realplayer advisory, Marc Bejarano, 14:43
MDKSA-2004:158 - Updated samba packages fix integer overflow vulnerabilities, Mandrake Linux Security Team, 14:33
Multiple Vulnerabilities in Moodle, Bartek Nowotarski, 14:33
[Full-Disclosure] [ GLSA 200412-26 ] ViewCVS: Information leak and XSS vulnerabilities, Thierry Carrez, 13:53
[Full-Disclosure] [ GLSA 200412-25 ] CUPS: Multiple vulnerabilities, Thierry Carrez, 13:43
[Full-Disclosure] Suggested filters against PHP Attacking Worms, Paul Laudanski, 04:19

December 27, 2004

Re: [Full-Disclosure] new phpBB worm affects 2.0.11, Andrew Farmer, 20:56
[Full-Disclosure] [HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc inside., class 101, 20:36
[Full-Disclosure] [HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc inside., class 101, 12:12
Re: [Full-Disclosure] Shoe 1.0 - Remote Lace Overflow, Thomas Sutpen, 11:42
[Full-Disclosure] Multiple vulnerabilities in AOL and AOL affiliate web sites, Michel Blomgren, 06:28
Re: [Full-Disclosure] YET AGAIN Automatic remote compromise of InternetExplorer Service Pack 2 XP SP2, Andrew Smith, 01:15
Re: [Full-Disclosure] new phpBB worm affects 2.0.11, Andrew Farmer, 00:34

December 26, 2004

[Full-Disclosure] Re: Re: Microsoft Windows LoadImage API Integer Buffer overflow, Brett Glass, 20:12
[Full-Disclosure] (no subject), class 101, 18:21
[Full-Disclosure] Re: New Santy-Worm attacks *all* PHP-skripts, Juergen Schmidt, 14:19
Re: [Full-Disclosure] Re: New Santy-Worm attacks *all* PHP-skripts, Paul Laudanski, 14:19
Re: [Full-Disclosure] Re: Re: Microsoft Windows LoadImage API Integer Buffer overflow, Brett Glass, 04:54
RE: [Full-Disclosure] YEY AGAIN Automatic remote compromise ofInternetExplorer Service Pack 2 XP SP2, Michael Evanchik, 01:52

December 25, 2004

[Full-Disclosure] Re: new phpBB worm affects 2.0.11, Adam, 19:28
Microsoft Internet Explorer SP2 Fully Automated Remote Compromise, Paul, 18:17
New Winhlp32.exe vuln, bad_son, 17:47
Re: Microsoft Windows LoadImage API Integer Buffer overflow, Brett Glass, 17:27
Re: New Santy-Worm attacks *all* PHP-skripts ( Santy.c ? ), K-OTiK Security, 17:17
New Santy-Worm attacks *all* PHP-skripts, Juergen Schmidt, 17:07
RE: phpBB Worm, Chris Ess, 16:56
PHPBB worm in action, Colin Keith, 16:46
CleanCache v2.19: False Sense of Security, WBG Links, 16:26
Re: phpBB Worm, Zeljko Brajdic, 16:06
[Full-Disclosure] new phpBB worm affects 2.0.11, Herman Sheremetyev, 15:46
[Full-Disclosure] YET AGAIN Automatic remote compromise of Internet Explorer Service Pack 2 XP SP2, Michael Evanchik, 14:45
[Full-Disclosure] Re: Re: Microsoft Windows LoadImage API Integer Buffer overflow, flashsky, 11:04

December 24, 2004

[Full-Disclosure] YEY AGAIN Automatic remote compromise of Internet Explorer Service Pack 2 XP SP2, Michael Evanchik, 20:48
Re: phpBB Worm, Raymond Dijkxhoorn, 18:37
Final Call for Papers & Workshops - BCS Asia 2005, Anthony.zboralski, 16:56
[SECURITY] [DSA 617-1] New libtiff packages fix arbitrary code execution, Martin Schulze, 15:35
XSS in yacy 0.31, Donato Ferrante, 15:25
Re: Inexcusable weakness in Kmail / GnuPG, Simple Nomad, 15:05
STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard, advisory, 15:05
Re: phpBB Worm, steve, 14:55
Re: DJB's students release 44 *nix software vulnerability advisories, David Wagner, 14:45
Re: DJB's students release 44 *nix software vulnerability advisories, Crispin Cowan, 14:35
[SECURITY] [DSA 618-1] New imlib packages fix arbitrary code execution, Martin Schulze, 14:35
[Full-Disclosure] [ADVISORY] Scripting Vulnerabilities in Indian Email Providers Put Millions At Risk, S G Masood, 12:44
Re: [Full-Disclosure] Cross-Site Scripting - an industry-wide problem, morning_wood, 11:44
Re: [Full-Disclosure] Shoe 1.0 - Remote Lace Overflow, Alex V. Lukyanenko, 10:43
[Full-Disclosure] Cross-Site Scripting - an industry-wide problem, mikx, 06:02
[Full-Disclosure] Re: [USN-52-1] vim vulnerability, Liu Die Yu, 04:41
[Full-Disclosure] Plesk 7 Cross-Site Scripting, Andrew Smith, 04:41
[VulnWatch] IBM DB2 generate_distfile buffer overflow vulnerability (#NISR2122004L), NGSSoftware Insight Security Research, 01:09
raptor's xmas pack 2004, Marco Ivaldi, 00:29
[VulnWatch] IBM DB2 rec2xml buffer overflow vulnerability (#NISR2122004J), NGSSoftware Insight Security Research, 00:29

December 23, 2004

[VulnWatch] Oracle wrapped procedure overflow (#NISR2122004J), NGSSoftware Insight Security Research, 23:38
[Security Bulletin] SSRT4696 rev.0 - HP Tru64 UNIX TCP Stack Remote Denial of Service (DoS), Boren, Rich (SSRT), 23:08
[VulnWatch] Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H), NGSSoftware Insight Security Research, 22:58
Re: possible local exploit via sendmail with procmail on solaris, Jeff Damens, 22:48
Re: [Full-Disclosure] Re: Linux kernel scm_send local DoS, Valdis . Kletnieks, 22:38
Re: Webmin BruteForce + Command execution - By Di42lo <DiAblo_2@012.net.il>, Martin Mewes, 22:28
[VulnWatch] Oracle TNS Listener DoS (#NISR2122004F), NGSSoftware Insight Security Research, 22:18
[USN-50-1] CUPS vulnerabilities, Martin Pitt, 21:47
Re: phpBB Worm, Anders Henke, 21:37
[VulnWatch] Oracle ISQLPlus file access vulnerability (#NISR2122004E), NGSSoftware Insight Security Research, 21:27
[Security Bulletin] SSRT4883 rev.3 HP-UX ftp and ftpd remote unauthorized access, Boren, Rich (SSRT), 21:17
Re: Security Advisory for ALL forum services with client-set images, Tim Jackson, 21:07
Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation, flashsky fangxing, 20:57
[VulnWatch] Oracle clear text passwords (#NISR2122004D), NGSSoftware Insight Security Research, 20:47
WPkontakt message parsing error, Jaroslaw Sajko, 20:37
[Security Bulletin] SSRT4876 rev.0 HP Tru64 UNIX SWS (Apache) Secure Web Server Remote, Boren, Rich (SSRT), 20:27
Microsoft Windows winhlp32.exe Heap Overflow Vulnerability, flashsky fangxing, 20:17
[Security Bulletin] SSRT4867 rev.0 Netscape Directory Server on HP-UX LDAP remote buffer overflow, Boren, Rich (SSRT), 20:17
[VulnWatch] Oracle extproc local command execution (#NISR23122004C), NGSSoftware Insight Security Research, 20:06
[ Security Bulletin ] SSRT4699 rev.0 HP-UX SAM local privilege increase, Boren, Rich (SSRT), 19:46
RE: phpBB Worm, Ofer Shezaf, 19:36
[USN-52-1] vim vulnerability, Martin Pitt, 19:26
[USN-51-1] teTeX auxiliary script vulnerability, Martin Pitt, 19:16
[VulnWatch] Oracle extproc directory traversal (#NISR23122004B), NGSSoftware Insight Security Research, 19:16
[USN-49-1] debmake vulnerability, Martin Pitt, 19:06
RE: DJB's students release 44 *nix software vulnerability advisories, Palmer, Paul (ISSAtlanta), 19:06
[USN-48-1] xpdf, tetex-bin vulnerabilities, Martin Pitt, 18:56
RE: Crystal FTP Pro 2.8 PoC, cybertronic, 18:46
RE: Local versus remote security holes, David Brodbeck, 18:46
Re: DJB's students release 44 *nix software vulnerability advisories, Crispin Cowan, 18:26
[VulnWatch] Oracle extproc buffer overflow (#NISR23122004A), NGSSoftware Insight Security Research, 18:26
Re: phpBB Worm, William Geoghegan, 18:26
Re: [webmin-l] Re: Webmin BruteForce + Command execution - By Di42lo <DiAblo_2@012.net.il>, Jamie Cameron, 18:16
Inexcusable weakness in Kmail / GnuPG, Thomas C. Greene, 18:05
Re: DJB's students release 44 *nix software vulnerability advisories, Crispin Cowan, 17:55
Re: Security Advisory for ALL forum services with client-set images, Stefan Paletta, 17:45
Re: DJB's students release 44 *nix software vulnerability advisories, D. J. Bernstein, 17:45
[VulnWatch] Oracle Character Conversion Bugs (#NISR2122004G), NGSSoftware Insight Security Research, 17:35
Re: DJB's students release 44 *nix software vulnerability advisories, Michal Zalewski, 17:35
Re: Linux kernel scm_send local DoS, Pavel Kankovsky, 17:25
Re: stick with "anonymous" or "authenticated" when describing, Steven M. Christey, 17:15
Re: phpBB Worm, Anders Henke, 17:05
Cross Site Scripting In PsychoStats 2.2.4 Beta && Earlier, GulfTech Security, 17:05
[USN-47-1] Linux kernel vulnerabilities, Martin Pitt, 16:55
Crystal FTP Pro 2.8 PoC, cybertronic, 16:55
Re: phpBB Worm, Alvin Packard, 16:45
[VulnWatch] Oracle Trigger Abuse (#NISR2122004I), NGSSoftware Insight Security Research, 16:45
SHOUTcast remote format string vulnerability, Damian Put, 16:35
Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability, Moritz Muehlenhoff, 16:35
Microsoft Windows LoadImage API Integer Buffer overflow, flashsky fangxing, 16:14
Microsoft Windows Kernel ANI File Parsing Crash and DOS Vulnerability, flashsky fangxing, 16:14
[SECURITY] [DSA 616-1] New telnetd-ssl packages fix arbitrary code execution, Martin Schulze, 15:54
IBM DB2 rec2xml buffer overflow vulnerability (#NISR2122004J), NGSSoftware Insight Security Research, 15:54
[OpenPKG-SA-2004.055] OpenPKG Security Advisory (gettext), OpenPKG, 15:44
Oracle wrapped procedure overflow (#NISR2122004J), NGSSoftware Insight Security Research, 15:34
Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H), NGSSoftware Insight Security Research, 15:34
Oracle TNS Listener DoS (#NISR2122004F), NGSSoftware Insight Security Research, 15:24
IBM DB2 generate_distfile buffer overflow vulnerability (#NISR2122004L), NGSSoftware Insight Security Research, 15:14
Oracle extproc local command execution (#NISR23122004C), NGSSoftware Insight Security Research, 15:04
Oracle clear text passwords (#NISR2122004D), NGSSoftware Insight Security Research, 15:04
Oracle extproc directory traversal (#NISR23122004B), NGSSoftware Insight Security Research, 14:54
Oracle extproc buffer overflow (#NISR23122004A), NGSSoftware Insight Security Research, 14:54
Oracle Character Conversion Bugs (#NISR2122004G), NGSSoftware Insight Security Research, 14:44
Oracle ISQLPlus file access vulnerability (#NISR2122004E), NGSSoftware Insight Security Research, 14:34
Oracle Trigger Abuse (#NISR2122004I), NGSSoftware Insight Security Research, 14:34
[Full-Disclosure] Shoe 1.0 - Remote Lace Overflow, announce, 08:41
[Full-Disclosure] Script Injection in Google Groups Beta, n3td3v, 00:48
Re: DJB's students release 44 *nix software vulnerability advisories, sean, 00:38

December 22, 2004

Re: [Full-Disclosure] Java Runtime Environment Remote Denial-of-Service (DoS) Vulnerability, James Tucker, 23:47
SUSE Security Announcement: kernel local privilege escalation (SUSE-SA:2004:046), Marcus Meissner, 23:47
Re: WebWorm using PHPBB vulnerability in the wild!, Nick Johnson, 22:57
2Bgal : 2.4 & 2.5.1 SQL injection Vulnerability, zib zib, 22:47
Security Advisory for ALL forum services with client-set images, James Bandara, 22:26
MDKSA-2004:157 - Updated mplayer packages fix multiple vulnerabilities, Mandrake Linux Security Team, 20:15
Re: DJB's students release 44 *nix software vulnerability advisories, Jack Lloyd, 20:05
[Full-Disclosure] Re: Gadu-Gadu, another two bugs, lazy, 19:45
MDKSA-2004:155 - Updated logcheck packages fix temporary file vulnerability, Mandrake Linux Security Team, 19:25
Webmin BruteForce + Command execution - By Di42lo <DiAblo_2@012.net.il>, amit sides, 19:05
possible local exploit via sendmail with procmail on solaris, Michael Barnes, 18:55
stick with "anonymous" or "authenticated" when describing attacks, Jonathan G. Lampe, 18:24
Re: DJB's students release 44 *nix software vulnerability advisories, Crispin Cowan, 18:24
RE: DJB's students release 44 *nix software vulnerability advisories, Manning, Robert (Mission Systems), 18:04
Re: DJB's students release 44 *nix software vulnerability advisories, Casper . Dik, 17:54
[ GLSA 200412-23 ] Zwiki: XSS vulnerability, Luke Macken, 17:54
Realone2.0 "pnxr3260.dll" Lets Remote Users IE Browser Crash, Wei Li, 17:44
Re: DJB's students release 44 *nix software vulnerability advisories, Steven M. Christey, 17:44
[Full-Disclosure] [USN-46-1] TIFF library vulnerability, Martin Pitt, 17:34
Re: DJB's students release 44 *nix software vulnerability advisories, David Eisner, 17:34
PHP v4.3.x exploit for Windows., The Warlock, 17:24
Permission problem in Skype BETA for linux, Peter Conrad, 17:14
Re: DJB's students release 44 *nix software vulnerability advisories, Steven M. Christey, 17:04
[Full-Disclosure] Script Injection in Google Groups Beta, n3td3v, 16:54
Re: Local versus remote security holes, Adam Shostack, 16:33
Re: phpBB Worm, ycw1bh302, 16:23
Re: DJB's students release 44 *nix software vulnerability advisories, Valdis . Kletnieks, 16:03
MDKSA-2004:156 - Updated krb5 packages fix buffer overflow vulnerability, Mandrake Linux Security Team, 16:03
malware effecting broadband users in Israel, Gadi Evron, 15:43
Re: phpBB Worm, Alexander Klimov, 15:43
Re: phpBB Worm, Sebastian Wiesinger, 15:23
Re: DJB's students release 44 *nix software vulnerability advisories, Jonathan Rockway, 15:23
Re: DJB's students release 44 *nix software vulnerability advisories, Chris Paget, 15:13
Re: DJB's students release 44 *nix software vulnerability advisories, Jonathan Rockway, 15:03
Sybase ASE 12.5.2 vulnerabilities, NGSSoftware Insight Security Research, 14:53
Re: DJB's students release 44 *nix software vulnerability advisories, D. J. Bernstein, 14:53
Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability, Dmitry V. Levin, 14:43
MDKSA-2004:154 - Updated kdelibs packages fix multiple vulnerability, Mandrake Linux Security Team, 14:32
Local versus remote security holes, D. J. Bernstein, 14:32
[SECURITY] [DSA 615-1] New debmake package fixes insecure temporary directories, Martin Schulze, 14:22
[Full-Disclosure] Java Runtime Environment Remote Denial-of-Service (DoS) Vulnerability, Marc Schoenefeld, 14:22
SUSE Security Announcement: samba (SUSE-SA:2004:045), Sebastian Krahmer, 14:12
[Full-Disclosure] [USN-45-1] nasm vulnerability, Martin Pitt, 12:52
[Full-Disclosure] [ GLSA 200412-22 ] mpg123: Playlist buffer overflow, Thierry Carrez, 04:48
[Full-Disclosure] Re: Script Injection in Google Groups Beta, n3td3v, 03:47
[Full-Disclosure] Re: Script Injection in Google Groups Beta, n3td3v, 03:37
Re: DJB's students release 44 *nix software vulnerability advisories, Raymond M. Reskusich, 03:37
Re: DJB's students release 44 *nix software vulnerability advisories, laffer1, 03:17
Re: DJB's students release 44 *nix software vulnerability advisories, Stephen Harris, 03:07
[SECURITY] [DSA 613-1] New ethereal packages fix denial of service, Martin Schulze, 02:37
RE: phpBB Worm, Paul Kurczaba, 01:36
Re: AIX 5.1/5.2/5.3 local root exploits (paginit issue), Shiva Persaud, 01:26
WebWorm using PHPBB vulnerability in the wild!, Niki Denev, 00:56
Re: DJB's students release 44 *nix software vulnerability advisories, David F. Skoll, 00:26

December 21, 2004

RE: DJB's students release 44 *nix software vulnerability advisories, Devin Ganger, 23:25
Re: Wordpress 1.2.2 is still vulnerable, Thomas Waldegger, 23:05
Re: DJB's students release 44 *nix software vulnerability advisories, Stephen Samuel, 22:35
iDEFENSE Security Advisory 12.21.04: Hewlett Packard HP-UX ftpd Remote Buffer Overflow Vulnerability, customer service mailbox, 21:54
iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability, customer service mailbox, 21:44
iDEFENSE Security Advisory 12.21.04: libtiff Directory Entry Count Integer Overflow Vulnerability, customer service mailbox, 21:34
iDEFENSE Security Advisory 12.21.04: Multiple Vendor Xine version 0.99.2 PNM Handler PNA_TAG Heap Overflow Vulnerability, customer service mailbox, 20:54
iDEFENSE Security Advisory 12.21.04: Multiple Vendor Xine version 0.99.2 PNM Handler Negative Read Length Heap Overflow Vulnerability, customer service mailbox, 20:44
Re: phpBB Worm, Raymond Dijkxhoorn, 20:24
iDEFENSE Security Advisory 12.21.04: Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability, customer service mailbox, 20:24
Re: DJB's students release 44 *nix software vulnerability advisories, Thor, 19:33
Re: DJB's students release 44 *nix software vulnerability advisories, Antoine Martin, 18:53
Re: DJB's students release 44 *nix software vulnerability advisories, milw0rm Inc., 18:43
Re: DJB's students release 44 *nix software vulnerability advisories, Dave Holland, 18:43
Re: DJB's students release 44 *nix software vulnerability advisories, Artem Chuprina, 18:33
SUSE Security Announcement: various kernel problems (SUSE-SA:2004:044), Marcus Meissner, 18:23
Re: DJB's students release 44 *nix software vulnerability advisories, Jonathan T Rockway, 17:12
phpBB Worm, Shannon Lee, 16:42
Xprobe 0.2.1 Released, bugtraq, 16:22
Re: AIX 5.1/5.2/5.3 local root exploits (diag issue), Shiva Persaud, 14:21
[SECURITY] [DSA 614-1] New xzgv packages fix arbitrary code execution, Martin Schulze, 14:11
TSLSA-2004-0069 - kerberos5, Trustix Security Advisor, 14:00
[Full-Disclosure] [USN-44-1] perl information leak, Martin Pitt, 13:00
[Full-Disclosure] Re: Windows Explorer TGA Crash is a DoS bug in Internet Explorer., Berend-Jan Wever, 02:06
[Full-Disclosure] Re: Windows Explorer TGA Crash is a DoS bug in Internet Explorer., Berend-Jan Wever, 01:05

December 20, 2004

MITKRB5-SA-2004-004: heap overflow in libkadm5srv, Tom Yu, 20:23
Re: [Full-Disclosure] Re: Gadu-Gadu, another two bugs, Maciej Soltysiak, 20:03
[USN-43-1] groff utility vulnerabilities, Martin Pitt, 19:53
Updated: TSLSA-2004-0068 - kernel, Trustix Security Advisor, 19:43
[SECURITY] [DSA 612-1] New a2ps packages fix arbitrary command execution, Martin Schulze, 19:33
MDKSA-2004:152 - Updated ethereal packages fix multiple vulnerabilities, Mandrake Linux Security Team, 19:13
MDKSA-2004:153 - Updated aspell packages fix vulnerability, Mandrake Linux Security Team, 18:53
Re: DJB's students release 44 *nix software vulnerability advisories, Marcin Owsiany, 18:12
Gadu-Gadu Remote DoS (all versions), Maciej Soltysiak, 17:52
[ GLSA 200412-21 ] MPlayer: Multiple overflows, Thierry Carrez, 17:22
[Full-Disclosure] Re: Gadu-Gadu, another two bugs, Przemyslaw Frasunek, 16:01
[ GLSA 200412-17 ] kfax: Multiple overflows in the included TIFF library, Sune Kloppenborg Jeppesen, 15:31
Internet Explorer Help ActiveX Control Local Zone Security Restriction Bypass Vulnerability (updated), Paul, 15:21
[Full-Disclosure] [ GLSA 200412-20 ] NASM: Buffer overflow vulnerability, Luke Macken, 15:21
[ GLSA 200412-16 ] kdelibs, kdebase: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 15:11
Exploit for Ultrix 4.5 dxterm, Kristoffer Brånemyr, 14:51
TSLSA-2004-0066 - multi, Trustix Security Advisor, 14:51
Re: Internet Explorer Code Execution Bypass Vulnerability, cmthemc, 14:41
KDE Security Advisory: Konqueror Java Vulnerability, Waldo Bastian, 14:30
Windows Explorer TGA Crash, Bill, 14:20
Crystal FTP Pro Client Buffer Overflow, Luca Ercoli, 14:20
[ GLSA 200412-15 ] Ethereal: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 14:00
Security Bulletin SSRT4687 rev.0 HP-UX newgrp(1) local privilege elevation, Boren, Rich (SSRT), 14:00
TSLSA-2004-0068 - kernel, Trustix Security Advisor, 13:50
PHP shmop.c module permits write of arbitrary memory., Stefano Di Paola, 13:50
[SECURITY] [DSA 611-1] New htget packages fix arbitrary code execution, Martin Schulze, 13:40
AIX 5.1/5.2/5.3 local root exploits, cees-bart, 13:30
[ GLSA 200412-14 ] PHP: Multiple vulnerabilities, Thierry Carrez, 13:30
[Full-Disclosure] [USN-42-1] Xine library vulnerabilities, Martin Pitt, 13:10
[Full-Disclosure] [ GLSA 200412-18 ] abcm2ps: Buffer overflow vulnerability, Luke Macken, 13:00
[Full-Disclosure] [ GLSA 200412-19 ] phpMyAdmin: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 13:00
[Full-Disclosure] Tlen.pl, remote script execution, Jaroslaw Sajko, 09:38
[USN-41-1] Samba vulnerability, Martin Pitt, 08:37
Re: DJB's students release 44 *nix software vulnerability advisories, Julian T J Midgley, 07:26
[Full-Disclosure] UPDATE: [ GLSA 200410-12 ] WordPress: HTTP response splitting and XSS vulnerabilities, Luke Macken, 07:06
Re: Patch available for multiple critical flaws in Oracle, Marc Bejarano, 06:45
MDKSA-2004:151 - Updated php packages fix multiple vulnerabilities, Mandrake Linux Security Team, 06:35
MS Windows Media Player 9 Vulns (2), Arman Nayyeri, 04:54
Multiple Vulnerabilities In Kayako eSupport v2.x, GulfTech Security, 04:04
Re: DJB's students release 44 *nix software vulnerability advisories, D. J. Bernstein, 03:53

December 18, 2004

[ GLSA 200412-13 ] Samba: Integer overflow, Sune Kloppenborg Jeppesen, 00:06

December 17, 2004

Re: *nix data wipe tools, George Georgalis, 23:56
Bug in Crypt::ECB perl module, Bennett R. Samowich, 23:26
[SECURITY] [DSA 610-1] New cscope packages fix insecure temporary file creation, Martin Schulze, 22:35
Internet Explorer Code Execution Bypass Vulnerability, aikon none, 22:05
Re: iDEFENSE Security Advisory 12.16.04: MPlayer MMST Streaming Stack Overflow Vulnerability, Hideki Yamane, 21:45
Re: *nix data wipe tools, Casper . Dik, 21:05
[OpenPKG-SA-2004.056] OpenPKG Security Advisory (cvstrac), OpenPKG, 20:25
4 Vulnerabilities in GamePort, amoXi Devilkin, 20:04
NetBSD kernel local vulnerabilities, Evgeny Demidov, 19:44
Re: DJB's students release 44 *nix software vulnerability advisories, security curmudgeon, 19:04
Re: DJB's students release 44 *nix software vulnerability advisories, cees-bart, 18:34
Re: *nix data wipe tools, Thomas C. Greene, 18:04
[Full-Disclosure] Re: Linux kernel IGMP vulnerabilities, Timothy Hall, 17:33
4 Vulnerabilities in GamePort, amoXi Devilkin, 17:23
Re: *nix data wipe tools, Wietse Venema, 17:03
phphpbb2 + php version < 4.3.10 unserialize() memory dump sql password from config.php exploit, bad boy, 16:53
[ GLSA 200412-12 ] Adobe Acrobat Reader: Buffer overflow vulnerability, Luke Macken, 16:33
NetBSD Security Advisory 2004-010: Insufficient argument validation in compat code, NetBSD Security-Officer, 16:13
Gadu-Gadu, another two bugs, Jaroslaw Sajko, 15:32
[OpenPKG-SA-2004.054] OpenPKG Security Advisory (samba), OpenPKG, 14:52
RE: Linux kernel IGMP vulnerabilities, Jirka Kosina, 14:42
Re: DJB's students release 44 *nix software vulnerability advisories, Crispin Cowan, 14:32
Unchecked returns from kernel_read() in linux-2.6.10-rc2 kernel, Katrina Tsipenyuk, 14:12
[Full-Disclosure] OpenText FirstClass 8.0 HTTP Daemon /Search Remote DoS Vulnerability, dila, 00:06

December 16, 2004

RE: STG Security Advisory: [SSA-20041215-17] Vulnerability of uploading files with multiple extensions in JSBoard, Richard Stanway, 22:05
Re: *nix data wipe tools, David Cannings, 22:05
[SIG^2 G-TEC] singapore Image Gallery Web Application v0.9.10 Multiple Vulnerabilities, chewkeong, 22:05
[ GLSA 200412-11 ] Cscope: Insecure creation of temporary files, Luke Macken, 22:05
Discussion: Microsoft(R) PowerPoint Action Settings feature allows invocation of default browser pointed at arbitrary URL., Monte Ratzlaff, 22:05
[OpenPKG-SA-2004.053] OpenPKG Security Advisory (php), OpenPKG, 22:05
Hotmail Cross-Site Scripting Vulnerability #1, Rafel Ivgi, The-Insider, 22:05
Hotmail Cross-Site Scripting Vulnerability #2, Rafel Ivgi, The-Insider, 22:05
iDEFENSE Security Advisory 12.16.04: MPlayer Bitmap Parsing Remote Heap Overflow Vulnerability, iDEFENSE Security Advisory, 22:05
Yahoo! Mail Cross-Site Scripting Vulnerability, Rafel Ivgi, The-Insider, 22:05
iDEFENSE Security Advisory 12.16.04: MPlayer MMST Streaming Stack Overflow Vulnerability, iDEFENSE Security Advisory, 22:05
[USN-40-1] PHP vulnerabilities, Martin Pitt, 22:05
[USN-39-1] Linux amd64 kernel vulnerability, Martin Pitt, 22:05
iDEFENSE Security Advisory 12.16.04: MPlayer Remote RTSP HeapOverflow Vulnerability, iDEFENSE Security Advisory, 22:05
iDEFENSE Security Advisory 12.16.04: Veritas Backup Exec Agent Browser Registration Request Buffer Overflow Vulnerability, iDEFENSE Security Advisory, 22:05
iDEFENSE Security Advisory 12.16.04: Samba smbd Security Descriptor Integer Overflow Vulnerability, iDEFENSE Security Advisory, 22:05
Re: [ GLSA 200412-10 ] Vim, gVim: Vulnerable options in modelines, Alexey I. Froloff, 22:05
PHP Input Validation Vulnerabilities, Daniel Fabian, 22:05
DJB's students release 44 *nix software vulnerability advisories, Thor Larholm, 22:05
[MaxPatrol] SQL-injection in Ikonboard 3.1.x, Alexander Anisimov, 22:05
Multiple XSS Vulnerabilities in Wordpress 1.2.1, Thomas Waldegger, 22:05
iDEFENSE Security Advisory 12.15.04: Computer Associates eTrust EZ Antivirus Insecure File Permission Vulnerability, customer service mailbox, 22:05
[Full-Disclosure] Re: NetWare Screensaver Authentication Bypass From The Local Console, Roger McLaren, 22:05
STG Security Advisory: [SSA-20041215-19] Vulnerability of uploading files with multiple extensions in MediaWiki, advisory, 22:05
STG Security Advisory: [SSA-20041215-18] Vulnerability of uploading files with multiple extensions in phpBB Attachment Mod, advisory, 22:05
STG Security Advisory: [SSA-20041215-17] Vulnerability of uploading files with multiple extensions in JSBoard, advisory, 22:05
[SAMBA] CAN-2004-1154 : Integer overflow could lead to remote code execution in Samba 2.x, 3.0.x <= 3.0.9, Gerald Carter, 22:04
Re: php unserialize, Stefan Esser, 22:04
[Full-Disclosure] RE: Linux kernel scm_send local DoS, Paul Starzetz, 22:04
[Full-Disclosure] Hotmail Cross-Site Scripting Vulnerability #2, Rafel Ivgi, The-Insider, 22:04
Re: Linux kernel IGMP vulnerabilities, matthew-bugtraq, 22:04
RE: CSS in phpBB 1.4.4, Paul Owen, 22:04
MDKSA-2004:150 - Updated kdelibs and kdebase packages fix vulnerability, Mandrake Linux Security Team, 22:04
Re: Linux kernel scm_send local DoS, gadgeteer, 22:04
Cisco Security Advisory: Cisco Unity Integrated with Exchange Has Default Passwords, Cisco Systems Product Security Incident Response Team, 22:04
php unserialize, Martin Eiszner, 22:04
[Full-Disclosure] RE: Linux kernel scm_send local DoS, Leif Sawyer, 22:04
CSS in phpBB 1.4.4, SandI], 22:04
Re: Linux kernel IGMP vulnerabilities, stephen joseph butler, 22:04
Cisco Security Advisory: Default Administrative Password in Cisco Guard and Traffic Anomaly Detector, Cisco Systems Product Security Incident Response Team, 22:04
Re: Linux kernel scm_send local DoS, even multiplexed, 22:04
STG Security Advisory: [SSA-20041215-15] Vulnerability of uploading files with multiple extensions in MoniWiki, advisory, 22:04
iwebnegar is vulnerable to all kind of sql injections, shervin khaleghjou, 22:04
Re: Linux kernel IGMP vulnerabilities, Paul Starzetz, 22:04
Advisory 01/2004: Multiple vulnerabilities in PHP 4/5, Stefan Esser, 22:04
Re: RICOH Aficio 450/455 PCL 5e Printer ICMP DOS vulnerability, Hongzhen Zhou, 22:03
[ GLSA 200412-10 ] Vim, gVim: Vulnerable options in modelines, Thierry Carrez, 22:03
Security Advisory for CVS Slash, Jamie McCarthy, 22:03
HyperTerminal - Buffer Overflow In .ht File, Brett Moore, 22:03
STG Security Advisory: [SSA-20041214-14] GNUBoard PHP injection vulnerability, advisory, 22:03
[OpenPKG-SA-2004.052] OpenPKG Security Advisory (vim), OpenPKG, 22:03
MSIE DHTML Edit Control Cross Site Scripting Vulnerability, Paul, 22:03
Re: Linux kernel scm_send local DoS, Paul Starzetz, 22:03
Re: Linux kernel scm_send local DoS, even multiplexed, 22:03
[ GLSA 200412-09 ] ncpfs: Buffer overflow in ncplogin and ncpmap, Thierry Carrez, 22:03
Re: rpcl_icmpdos.c, x90c, 22:03
Asante FM2008 10/100 Ethernet switch backdoor login, Joe Philipps, 22:03
3cdaemon tftp server DOS vulnerability, Wang Ning, 22:03
*nix data wipe tools, Thomas C. Greene, 22:03
Yahoo! Mail Cross-Site Scripting Vulnerability, Rafel Ivgi, 22:03
Hotmail Cross-Site Scripting Vulnerability #1, Rafel Ivgi, 22:03
Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ], GulfTech Security, 22:03
[VulnWatch] Hotmail Cross Site Scripting Vulnerability #2, Rafel Ivgi, 22:03
[VulnWatch] Hotmail Cross-Site Scripting Vulnerability #1, Rafel Ivgi, The-Insider, 22:02
[VulnWatch] Yahoo! Mail Cross-Site Scripting Vulnerability, Rafel Ivgi, The-Insider, 22:02
iDEFENSE Security Advisory 12.14.04 - Microsoft Word 6.0/95 Document Converter Buffer Overflow Vulnerability, customer service mailbox, 22:02
[USN-38-1] Linux kernel vulnerabilities, Martin Pitt, 22:02
ASP-rider is vulnerable to sql injection attack, shervin khaleghjou, 22:02
[Correction For]: Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory, Secure Network Operations, Inc., 22:02
Re: Linux kernel IGMP vulnerabilities, Pekka Savola, 22:02
[ GLSA 200412-08 ] nfs-utils: Multiple remote vulnerabilities, Luke Macken, 22:02
Re: NetWare Screensaver Authentication Bypass From The Local Console, Brad Bendily, 22:02
iDEFENSE Security Advisory 12.13.04: Adobe Reader 6.0 .ETD File Format String Vulnerability, customer service mailbox, 22:02
[CAN-2004-1023] Insecure default file system permissions on Microsoft versions of Kerio Software, Secure Computer Group, 22:02
MDKSA-2004:149 - Updated postgresql packages fix temporary file vulnerability, Mandrake Linux Security Team, 22:02
[SECURITY] [DSA 608-1] New zgv packages fix arbitrary code execution, Martin Schulze, 22:02
Possible local root vulnerability in Roxio Toast on Mac OS X, fintler, 22:02
STG Security Advisory: [SSA-20041209-13] UseModWiki XSS vulnerability, advisory, 22:02
RICOH Aficio 450/455 PCL 5e Printer ICMP DOS vulnerability, Hongzhen Zhou, 22:02
Re: Citadel/UX <= v6.27 Remote Format String Vulnerability, Michael Hampton, 22:02
[CAN-2004-1022] Insecure Credential Storage on Kerio Software, Secure Computer Group, 22:02
ASP Calendar Vulnerability <www.ashiyane.com>, ali reza AcTiOnSpIdEr, 22:02
MDKSA-2004:148 - Updated iproute2 packages fix temporary file vulnerability, Mandrake Linux Security Team, 22:02
[SECURITY] [DSA 609-1] New atari800 packages fix local root exploit, Martin Schulze, 22:02
iDEFENSE Security Advisory 12.14.04 - Adobe Acrobat Reader 5.0.9 mailListIsPdf() Buffer Overflow Vulnerability, customer service mailbox, 22:02
[ZH2004-18SA] Content-Type spoofing in Mozilla Firefox and Opera could allow users to bypass security restrictions, Giovanni Delvecchio, 22:02
[VulnWatch] phpBB Attachment Mod Directory Traversal HTTP POST Injection, Paul Laudanski, 22:02
Re: [Full-Disclosure] [HV-LOW] Symantec LiveUpdate issues may cause DoS, Dan Margolis, 22:02
Linux kernel scm_send local DoS, Paul Starzetz, 22:01
Re: Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory, secure, 22:01
Linux kernel IGMP vulnerabilities, Paul Starzetz, 22:01

December 02, 2004

[Full-Disclosure] Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities, Stefan Esser, 10:34
[Full-Disclosure] Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities, Stefan Esser, 10:34
[Full-Disclosure] [HV-LOW] Symantec LiveUpdate issues may cause DoS, vuln, 10:34
[Full-Disclosure] [HV-MED] Zip/Linux long path buffer overflow, vuln, 10:34
What's "may have exploitable buffer overflows" mean in tcpdump?, Dragos Ruiu, 10:34
Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory, Secure Network Operations, Inc., 10:34
Socket unreacheable in the Lithtech engine (new protocol), Luigi Auriemma, 10:34
[ GLSA 200412-07 ] file: Arbitrary code execution, Matthias Geerdsen, 10:34
RE: zone transfers, a spammer's dream?, Marcin Pacyna, 10:24
Winamp 5.07 (latest version) Remote Crash + other stupid shizle, b0f www.b0f.net, 10:24
[ZH2004-19SA] Possible execution of remote shell commands in Opera with kfmclien, Giovanni Delvecchio, 10:23
iDEFENSE Security Advisory 12.13.04 - Multiple Vendor xzgv PRF Parsing Integer Overflow Vulnerability, customer service mailbox, 10:23
KDE Security Advisory: Konqueror Window Injection Vulnerability, Waldo Bastian, 10:13
MS IE User's Authentication Details (userid/password) Sharing Issue, Debasis Mohanty, 10:13
Citadel/UX <= v6.27 Remote Format String Vulnerability, CoKi, 10:13
Gadu-Gadu several vulnerabilities, Jaroslaw Sajko, 10:13
Re: MD5 To Be Considered Harmful Someday, Solar Designer, 10:13
[VulnWatch] Multiple vulnerabilities in phpMyAdmin, Nicolas Gregoire, 10:13
[Full-Disclosure] SugarSales Multiple Vulnerabilities, Daniel Fabian, 10:12
[Full-Disclosure] NetWare Screensaver Authentication Bypass From The Local Console, Adam Gray, 09:41
Local off-by-one in mtr versions 0.55 to 0.65, venglin, 08:30
[Full-Disclosure] [ GLSA 200412-06 ] PHProjekt: setup.php vulnerability, Thierry Carrez, 07:50
[SECURITY] [DSA 607-1] New libxpm packages fix several vulnerabilities, Martin Schulze, 07:29
In-game buffer-overflow in the Gamespy cd-key validation SDK, Luigi Auriemma, 07:29
wget: Arbitrary file overwriting/appending/creating and other vulnerabilities, Jan Minar, 07:19
CodeCon CFP deadline nearing, Len Sassaman, 07:19
Re: Multiple Vulnerabilities in paFileDB 3.1, Rafael San Miguel Carrasco, 06:37
F-Secure Policy Manager - physical path disclosure, oliver, 06:37
Re: MD5 To Be Considered Harmful Someday, Pavel Kankovsky, 06:27
Re: MD5 To Be Considered Harmful Someday, Adam Shostack, 06:26
KDE Security Advisory: kfax libtiff vulnerabilities, Dirk Mueller, 06:26
KDE Security Advisory: plain text password exposure, Dirk Mueller, 06:26
TSLSA-2004-0064 - nfs-utils, Trustix Security Advisor, 06:26
Re: MD5 To Be Considered Harmful Today, Dan Kaminsky, 05:34
Re: MD5 To Be Considered Harmful Today, Pavel Machek, 05:34
Re: MD5 To Be Considered Harmful Today, Dan Kaminsky, 05:34
Re: MD5 To Be Considered Harmful Someday, Jack Lloyd, 05:34
Re: MD5 To Be Considered Harmful Someday, David F. Skoll, 05:34
Re: IE6 Vulnerability - Local File Detection, RSnake, 05:34
Re: MD5 To Be Considered Harmful Someday, Steve Friedl, 05:34
Re: MD5 To Be Considered Harmful Someday, Dan Kaminsky, 05:34
Re: MD5 To Be Considered Harmful Someday, Solar Designer, 05:34
Re: MD5 To Be Considered Harmful Someday, Paul Wouters, 05:34
Re: MD5 To Be Considered Harmful Someday, George Georgalis, 05:34
Re: MD5 To Be Considered Harmful Someday, Paul Wouters, 05:34
Re: MD5 To Be Considered Harmful Someday, Dan Kaminsky, 05:34
Re: MD5 To Be Considered Harmful Someday, Dan Kaminsky, 05:34
Re: MD5 To Be Considered Harmful Someday, Ruth A. Kramer, 05:34
Re: MD5 To Be Considered Harmful Someday, Jack Lloyd, 05:34
Re: MD5 To Be Considered Harmful Someday, Dragos Ruiu, 05:34
Re: MD5 To Be Considered Harmful Someday, Keith Oxenrider, 05:34
RE: MD5 To Be Considered Harmful Someday, David Schwartz, 05:34
Re: Bypass personal firewall application protection . Again., Chris Paget, 05:23
Re: MD5 To Be Considered Harmful Someday, Gandalf The White, 05:23
7a69Adv#15 - Internet Explorer FTP command injection, Albert Puigsech Galicia, 05:23
Re: MD5 To Be Considered Harmful Someday, Joel Maslak, 05:23
RE: MD5 To Be Considered Harmful Someday, Rager, Anton (Anton), 05:23
Re: MD5 To Be Considered Harmful Someday, Joel Maslak, 05:23
Re: MD5 To Be Considered Harmful Someday, Tim, 05:23
Re: 7a69Adv#16 - Konqueror FTP command injection, Albert Puigsech Galicia, 05:23
Re: MDKSA-2004:145 - Updated rp-pppoe packages fix vulnerability, David F. Skoll, 05:23
[SECURITY] [DSA 606-1] New nfs-utils packages fix denial of service, Martin Schulze, 05:23
MD5 To Be Considered Harmful Today, Pavel Machek, 05:23
[VulnWatch] Re: [Full-Disclosure] Multiple vulnerabilities in w3who ISAPI DLL, Nicolas Gregoire, 05:13
MDKSA-2004:144 - Updated lvm1 packages fix temporary file vulnerability, Mandrake Linux Security Team, 04:39
MDKSA-2004:145 - Updated rp-pppoe packages fix vulnerability, Mandrake Linux Security Team, 04:29
MDKSA-2004:146 - Updated nfs-utils packages fix remote DoS vulnerability, Mandrake Linux Security Team, 04:29
MDKSA-2004:147 - Updated openssl packages fix temporary file vulnerability, Mandrake Linux Security Team, 04:29
IE6 Vulnerability - Local File Detection, ViPeR, 04:29
Re: MD5 To Be Considered Harmful Someday, Gandalf The White, 04:29
Re: Online Script Decoder, Stefan Paletta, 04:29
MDKSA-2004:143 - Updated ImageMagick packages fix vulnerability, Mandrake Linux Security Team, 04:29
zone transfers, a spammer's dream?, Lode Vermeiren, 04:29
7a69Adv#16 - Konqueror FTP command injection, Albert Puigsech Galicia, 04:29
Online Script Decoder, GreyMagic Security, 04:29
Cleartext SMB passwords in Novell Desktop Linux using KDE, Mike DeMaria, 04:29
Re: Local root exploit on Mac OS X with Adobe Version Cue, Chet Ramey, 04:29
MD5 To Be Considered Harmful Someday, Dan Kaminsky, 04:29
Remote Web Server Text File Viewing Vulnerability in WebLibs 1.0, John Bissell, 04:29
Multiple Vulnerabilities in paFileDB 3.1, Ahmad Muammar, 04:29
Tool Announcement: AIRT -- the Advanced Incident Response Tool (linux), madsys, 04:18
[Full-Disclosure] VA Appliance Deployment White Paper, Martin Mkrtchian, 04:18
RE: Disclosure of file system information in Mozilla Firefox and Opera Browser:, Thor Larholm, 04:17
MDKSA-2004:142 - Updated gzip packages fix temporary file vulnerability, Mandrake Linux Security Team, 04:16
Broadcast client crash in Battlefield 1942 1.6.19 and Vietnam 1.2, Luigi Auriemma, 04:16
Re: [Full-Disclosure] [Advisory] Mozilla Products Remote Crash Vulnerability, Heikki Toivonen, 04:16
MaxDB WebTools <= 7.5.00.18 buffer overflow and Denial of Service, Evgeny Demidov, 04:15
Local root exploit on Mac OS X with Adobe Version Cue, fintler, 04:05
[Full-Disclosure] Bypass personal firewall application protection . Again., offtopic, 04:01
[Full-Disclosure] [ GLSA 200412-05 ] mirrorselect: Insecure temporary file creation, Luke Macken, 03:51
Re: [Full-Disclosure] [Advisory] Mozilla Products Remote Crash Vulnerability, Juergen Schmidt, 03:41
Web Application Security Consortium 'Guest Articles' Call for Papers, robert, 03:30
[Full-Disclosure] [ GLSA 200412-04 ] Perl: Insecure temporary file creation, Luke Macken, 03:30
DoS leading to crash of client in Remote Execute 2.30, headpimp, 03:30
Re: Advanced Guestbook, Spy Hat, 03:30
Hosting Controller, mouse small, 03:20
Re: [Full-Disclosure] [Advisory] Mozilla Products Remote Crash Vulnerability, Heikki Toivonen, 03:20
Winamp - Buffer Overflow In IN_CDDA.dll [ Patch Released ], Brett Moore, 03:19
[Full-Disclosure] DoS protection in N-Tiered Web Apps?, Lachniet, Mark, 03:19
Re: [Full-Disclosure] [Advisory] Mozilla Products Remote Crash Vulnerability, Kevin Finisterre, 03:19
[Full-Disclosure] [ GLSA 200412-03 ] imlib: Buffer overflows in image decoding, Thierry Carrez, 03:09
[Full-Disclosure] Re: [Advisory] Mozilla Products Remote Crash Vulnerability, Berend-Jan Wever, 02:58
[Full-Disclosure] [Advisory] Mozilla Products Remote Crash Vulnerability, Niek van der Maas, 02:58
[Full-Disclosure] Multiple vulnerabilities in w3who ISAPI DLL, Nicolas Gregoire, 02:58
[Full-Disclosure] [ GLSA 200412-02 ] PDFlib: Multiple overflows in the included TIFF library, Luke Macken, 02:05
Opera 7.54 vulnerabilities again (still unfixed), Marc Schoenefeld, 01:14
[Full-Disclosure] [FLSA-2004:2148] Updated httpd, apache and mod_ssl packages fix security issues, Marc Deslauriers, 00:33
[Full-Disclosure] [ GLSA 200412-01 ] rssh, scponly: Unrestricted command execution, Thierry Carrez, 00:00

December 01, 2004

[Full-Disclosure] RE: Official IFRAME patch - make sure it installs correctly, Rivera Alonso, David, 23:49
[Full-Disclosure] Tool Announcement: AIRT -- the Advanced Incident Response Tool (linux), madsys, 23:49
[Full-Disclosure] Re: Remote Mercury32 Imap exploit, class 101, 23:49
[Full-Disclosure] RE: Remote Mercury32 Imap exploit, Randal, Phil, 23:38
Advanced Guestbook, Emile van Elen, 23:38
FreeBSD Security Advisory FreeBSD-SA-04:17.procfs, FreeBSD Security Advisories, 23:28
Re: Disclosure of file system information in Mozilla Firefox and Opera Browser:, Liu Die Yu, 23:18
[CLA-2004:905] Conectiva Security Announcement - squirrelmail, Conectiva Updates, 23:06
RE: [Full-Disclosure] Official IFRAME patch - make sure it installs correctly, Todd Towles, 22:56
rssh and scponly arbitrary command execution, Jason Wies, 22:45
RE: [Full-Disclosure] Official IFRAME patch - make sure it installs correctly, Nick FitzGerald, 22:45
Multiple vulnerabilities in Kreed 1.05, Luigi Auriemma, 22:45
Cisco Security Advisory: Cisco CNS Network Registrar Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team, 22:45
Blog Torrent preview 0.8 - arbitary file download, Steve Kemp, 22:34
Re: [Full-Disclosure] Official IFRAME patch - make sure it installs correctly, daniel uriah clemens, 22:34
Re: [Full-Disclosure] Official IFRAME patch - make sure it installs correctly, Des Ward, 22:34
RE: [Full-Disclosure] Official IFRAME patch - make sure it instal ls correctly, Randal, Phil, 22:34
RE: [Full-Disclosure] Official IFRAME patch - make sure it installs correctly, Todd Towles, 22:34
[Full-Disclosure] [USN-37-1] cyrus21-imapd vulnerability, Martin Pitt, 22:34
Re: [Full-Disclosure] Official IFRAME patch - make sure it installs correctly, BillyBob, 22:33
[Full-Disclosure] Re: Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003., Laurent Saplairoles, 22:23
[KA Advisory 0411291] IPCop Cross Site Scripting Vulnerability in "proxylog.dat", Kurczaba Associates advisories, 22:23
Re: [Full-Disclosure] Official IFRAME patch - make sure it installs correctly, Kevin, 22:13
[CLA-2004:902] Conectiva Security Announcement - abiword, Conectiva Updates, 22:13
[ GLSA 200411-37 ] Open DC Hub: Remote code execution, Luke Macken, 22:02
[USN-33-1] libgd vulnerabilities, Martin Pitt, 22:02
[Full-Disclosure] Official IFRAME patch - make sure it installs correctly, Berend-Jan Wever, 21:52
[Full-Disclosure] Remote Mercury32 Imap exploit, JohnH, 21:52
RE: [Full-Disclosure] Web Application DoS, Lachniet, Mark, 19:24
Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003., Reed Arvin, 18:44
[CLA-2004:904] Conectiva Security Announcement - cyrus-imapd, Conectiva Updates, 18:34
Re: Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln, Holger Zimmermann, 17:33
Invision Power Board 'Allow auto login' setting override, Hillel Himovich, 16:43
Re: [Full-Disclosure] Web Application DoS, Goetz Von Berlichingen, 16:02
SUSE Security Announcement: various kernel problems (SUSE-SA:2004:042), Marcus Meissner, 15:22
Disclosure of file system information in Mozilla Firefox and Opera Browser:, Giovanni Delvecchio, 14:41
Re: Winamp - Buffer Overflow In IN_CDDA.dll, Black Dot, 14:11
[Full-Disclosure] [USN-36-1] NFS statd vulnerability, Martin Pitt, 13:21
[Full-Disclosure] [USN-35-1] imagemagick vulnerabilities, Martin Pitt, 02:46
RE: [Full-Disclosure] Web Application DoS, David Taylor, 02:46
[Fwd: RE: [Full-Disclosure] Remote Mercury32 Imap exploit], John, 02:46
RE: [Full-Disclosure] Remote Mercury32 Imap exploit, John, 02:46
[Full-Disclosure] Web Application DoS, kcope, 02:46
Endless loops in the http-server and pna-proxy modules of Jana server 2.4.4, Luigi Auriemma, 02:45
CuteFTP 6.0 Professional Remote Buffer Overflow Vulnerability, Hongzhen Zhou, 02:45
Re: Privilege escalation flaw in MDaemon 7.2., kf_lists, 02:45
MDKSA-2004:137-1 - Updated libxpm4 packages correct issues with previous update, Mandrake Linux Security Team, 02:45
[Full-Disclosure] Remote Mercury32 Imap exploit, JohnH, 02:45
[Full-Disclosure] [USN-34-1] OpenSSH information leakage, Martin Pitt, 02:45
[SHK-001]Payflow Link Default Config may lead to Hidden Field Modification, M. Shirk, 02:45
Linux Netwosix NEPOTE Updated!, Vincenzo Ciaglia, 02:45
TSL-2004-0063 - multi, Trustix Security Advisor, 02:45
Password Disclosure for SMB Shares in KDE's Konqueror, Daniel Fabian, 02:44
Privilege escalation flaw in MDaemon 7.2., Reed Arvin, 02:44