Vulnerability Development (thread)

[Full-disclosure] Microsoft WINS Vulnerability + OS/SP Scanner, class, 2005/04/30
[Full-disclosure] Defcon Capture the Flag registration is open, Kenshoto, 2005/04/30
[Full-disclosure] [ GLSA 200504-30 ] phpMyAdmin: Insecure SQL script installation, Sune Kloppenborg Jeppesen, 2005/04/30
[Full-disclosure] [Articles] brute forcing - discovering weak logins and more, Sumy, 2005/04/30
[Full-disclosure] [ GLSA 200504-29 ] Pound: Buffer overflow vulnerability, Thierry Carrez, 2005/04/30
Apache hacks (./atac, d0s.txt), Andrew Y Ng, 2005/04/29
Snmppd SNMP proxy daemon format string exploit, cybertronic, 2005/04/29
Mac OS X Cocktail 3.5.4 admin password disclosure, sonderling, 2005/04/29
DEF CON - New CTF Organizers chosen!, The Dark Tangent, 2005/04/29
[CAN-2005-1062] Administration protocol abuse allows local/remote password cracking, Secure Computer Group, 2005/04/29
[CAN-2005-1063] Administration protocol abuse leads to Service and System Denial of Service, Secure Computer Group, 2005/04/29
MDKSA-2005:078 - Updated squid packages fix vulnerability, Mandriva Security Team, 2005/04/29
MDKSA-2005:079 - Updated perl packages to fix rmtree vulnerability, Mandriva Security Team, 2005/04/29
Multiples Full Path Disclosure in php-nuke 7.6 (and below), Luis Fernando, 2005/04/29
MDKSA-2005:080 - Updated libxpm4 packages fix libXpm vulnerabilities, Mandriva Security Team, 2005/04/29
Golden FTP Server Pro remote stack BOF exploit (IHSTeam), c0d3r, 2005/04/29
NY sues Spyware Intermix, funded by Tiaa-Cref, Paul Laudanski, 2005/04/28
Safari HTTPS Overflow, Gilbert Verdian, 2005/04/28
- Re: Safari HTTPS Overflow, David Riley, 2005/04/29
- Re: Safari HTTPS Overflow, Braden Thomas, 2005/04/29
Multiple Sql injections in phpCoin v1.2.2 and below, dcrab, 2005/04/28
DHS Security Contact, Jason Coombs, 2005/04/28
Cross Site Scripting in BEA Admin Console, Alexander Kornbrust, 2005/04/28
[HSC Security Group] Ocean12 Mailing List Manager Pro SQL injection, Zinho, 2005/04/28
File appending vulnerability in Oracle Webcache 9i, Alexander Kornbrust, 2005/04/28
[Security Bulletin] SSRT5958 rev.0 - HP OpenView Radia Mgmt. Portal (RMP) Radia Mgmt. Agent Remote unauthorized Privileged Access and (DoS), Boren, Rich (SSRT), 2005/04/28
Webcache Client Requests Bypass OHS mod_access Restrictions, Alexander Kornbrust, 2005/04/28
Cross Site Scripting in Oracle Webcache 9i Adminstrator Application, Alexander Kornbrust, 2005/04/28
insecure user account lam-runtime-7.0.6-2mdk rpm, Scott Grayban, 2005/04/28
Borland Security Contact, Dave Armstrong, 2005/04/28
- Re: Borland Security Contact, KF (lists), 2005/04/28
  - Re: [bugtraq] Re: Borland Security Contact, Markus Stenzel, 2005/04/29
Netflix Site may assist Phishing, Sara Togian, 2005/04/28
- RE: Netflix Site may assist Phishing, pak_ml, 2005/04/28
phpBB Notes Mod SQL Injection Vulnerability, GulfTech Security Research, 2005/04/28
Security contact at sourceforge?, Joxean Koret, 2005/04/28
- Re: Security contact at sourceforge?, Scott Grayban, 2005/04/28
[VulnWatch] High risk flaw in HP OpenView Radia Management Agent, NGSSoftware Insight Security Research, 2005/04/28
[Full-disclosure] [ GLSA 200504-28 ] Heimdal: Buffer overflow vulnerabilities, Sune Kloppenborg Jeppesen, 2005/04/28
[Full-disclosure] OT: Two Factor Authentication on Linux / Mac / Windows, Mohit Muthanna, 2005/04/28
ZRCSA-200501 - Multiple vulnerabilities in Claroline, Sieg Fried, 2005/04/27
[CLA-2005:948] Conectiva Security Announcement - squid, Conectiva Updates, 2005/04/27
[Full-disclosure] Privilege escalation in BakBone NetVault 7.1, Reed Arvin, 2005/04/27
[Full-disclosure] Privilege escalation and password protection bypass in Altiris Client Service for Windows (Version 6.0.88), Reed Arvin, 2005/04/27
[Full-disclosure] Privilege escalation in BulletProof FTP Server v2.4.0.31, Reed Arvin, 2005/04/27
[Full-disclosure] Buffer overflow in KMiNT21 Software Golden FTP Server Pro v2.52 (10.04.2005), Reed Arvin, 2005/04/27
SQL-injections in koobi-cms, CENSORED, 2005/04/27
[CLA-2005:950] Conectiva Security Announcement - evolution, Conectiva Updates, 2005/04/27
[CLA-2005:949] Conectiva Security Announcement - gaim, Conectiva Updates, 2005/04/27
[Full-disclosure] iDEFENSE Labs Releases dltrace, iDEFENSE Labs, 2005/04/27
myPHP Forum v3 (possible v1 & 2 also) Identification 'spoof', Terencentanio Enache, 2005/04/27
[HSC Security Group] Comersus v6 Script injection, Zinho, 2005/04/27
Black Hat USA 2005 Reminder CFP closing soon!, Jeff Moss, 2005/04/27
SUSE Security Announcement: Mozilla Firefox, Mozilla various security problems (SUSE-SA:2005:028), Marcus Meissner, 2005/04/27
New Whitepaper: Stopping Automated Attack Tools, Gunter Ollmann (NGS), 2005/04/26
[Hackers Center Security Group] Sqwebmail Http Splitting Vulnerability, Zinho, 2005/04/26
Discovering and Stopping Phishing/Scam Attacks, steven, 2005/04/26
- Re: Discovering and Stopping Phishing/Scam Attacks, Randy, 2005/04/26
  - Re: Discovering and Stopping Phishing/Scam Attacks, Lode Vermeiren, 2005/04/26
    - RE: Discovering and Stopping Phishing/Scam Attacks, matt.neeley, 2005/04/26
- Re: Discovering and Stopping Phishing/Scam Attacks, byte_jump, 2005/04/26
- Re: Discovering and Stopping Phishing/Scam Attacks, Crispin Cowan, 2005/04/27
- RE: Discovering and Stopping Phishing/Scam Attacks, Scovetta, Michael V, 2005/04/27
- Re: Re: Discovering and Stopping Phishing/Scam Attacks, J. Oquendo, 2005/04/28
[Full-disclosure] [ GLSA 200504-27 ] xine-lib: Two heap overflow vulnerabilities, Thierry Carrez, 2005/04/26
SQL-injections in Invision Power Board v2.0.1, CENSORED, 2005/04/26
- Re: SQL-injections in Invision Power Board v2.0.1, Steven M. Christey, 2005/04/27
IE - cross site click detection?, ViPeR, 2005/04/26
- RE: IE - cross site click detection?, ViPeR, 2005/04/27
[PLSN-0005] new cvs package available, Peachtree Linux Security Team, 2005/04/26
[PLSN-0006] new libexif package available, Peachtree Linux Security Team, 2005/04/26
[PLSN-0007] new libcdaudio package available, Peachtree Linux Security Team, 2005/04/26
[Full-disclosure] [ GLSA 200504-26 ] Convert-UUlib: Buffer overflow, Sune Kloppenborg Jeppesen, 2005/04/26
tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits., Vade 79, 2005/04/26
- Re: tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits., Romain Francoise, 2005/04/28
tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS., Vade 79, 2005/04/26
- Re: tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS., Romain Francoise, 2005/04/28
GrayCMS php code injection, Kold, 2005/04/26
[exploits] phpMyVisites 1.3 local file retrieval, Max Cerny, 2005/04/26
[Full-disclosure] [ GLSA 200504-25 ] Rootkit Hunter: Insecure temporary file creation, Sune Kloppenborg Jeppesen, 2005/04/26
E-Cart E-Commerce Software EXPLOIT, Emanuele \"z\\\" Gentili, 2005/04/26
Multiple SQL Injections in MetaBid Auctions, dcrab, 2005/04/26
MetaCart2 for PayFlow Multiple Sql Injection Vulnerabilities, dcrab, 2005/04/26
Multiple SQL Injections in MetaCart2 for SQL Server Special Edition U.K, dcrab, 2005/04/26
Multiple SQL Injections in MetaCart2 for PayPal, dcrab, 2005/04/26
Multiple SQL Injections in MetaCart e-Shop V-8, dcrab, 2005/04/26
[Full-disclosure] ADV: NetTerm's NetFtpd 4.2.2 Buffer Overflow + PoC Exploit, shadown, 2005/04/26
[Full-disclosure] iDEFENSE Security Advisory 04.26.05: Citrix Program Neighborhood Agent Buffer Overflow, iDEFENSE Labs, 2005/04/26
[Full-disclosure] iDEFENSE Security Advisory 04.26.05: Citrix Program Neighborhood Agent Arbitrary Shortcut Creation Vulnerability, iDEFENSE Labs, 2005/04/26
[Full-disclosure] iDEFENSE Security Advisory 04.26.05: MySQL MaxDB Webtool Remote 'If' Stack Overflow Vulnerability, iDEFENSE Labs, 2005/04/26
[Full-disclosure] iDEFENSE Security Advisory 04.25.05: MySQL MaxDB Webtool Remote Lock-Token Stack Overflow Vulnerability, iDEFENSE Labs, 2005/04/25
[Full-disclosure] iDEFENSE Security Advisory 04.25.05: MySQL MaxDB Webtool Remote Stack Overflow Vulnerability, iDEFENSE Labs, 2005/04/25
dBpowerAMP Auxiliary - Abnormal execution, SecuBox fRoGGz, 2005/04/25
[security bulletin] SSRT5954 rev.0 HP-UX TCP/IP Remote Denial of Service (DoS), Boren, Rich (SSRT), 2005/04/25
remote command execution in ad.cgi script, fireboy fireboy, 2005/04/25
WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05), admin, 2005/04/25
remote command execution in forum.pl script, fireboy fireboy, 2005/04/25
index.cgi script XSS + file show, fireboy fireboy, 2005/04/25
- Re: index.cgi script XSS + file show, D.C. van Moolenbroek, 2005/04/25
remote command execution in text.cgi script, fireboy fireboy, 2005/04/25
MailEnable HTTPS Buffer Overflow [x0n3-h4ck], CorryL, 2005/04/25
[Overflow.pl] ImageMagick ReadPNMImage() Heap Overflow, Damian Put, 2005/04/25
E-Cart v1.1 Remote Command Execution Vulnerability, Emanuele \"z\\\" Gentili, 2005/04/25
Yager <= 5.24 Remote Buffer Overflow Exploit, cybertronic, 2005/04/25
Possible XSS in User-Agent, Nicolas Montoza, 2005/04/25
- RE: Possible XSS in User-Agent, Scovetta, Michael V, 2005/04/25
remote command execution in includer.cgi script, fireboy fireboy, 2005/04/25
remote command execution in citat.pl script, fireboy fireboy, 2005/04/25
hyper.cgi script file show bug, fireboy fireboy, 2005/04/25
MS05-019 Windows IP options DoS exploit, GomoR, 2005/04/25
remote command execution in include.cgi script, fireboy fireboy, 2005/04/25
Multiple SQL Injections in StorePortal 2.63, dcrab, 2005/04/25
DMA[2005-0423a] - 'Nokia Affix Bluetooth Integer Underflow', KF (lists), 2005/04/25
Sql Injection in Confixx 3.06 & 3.08 & 3.?? ?, Erich Klaus, 2005/04/25
remote command execution in inserter.cgi script, fireboy fireboy, 2005/04/25
[CIRT.DK - Advisory] Novell Nsure Audit 1.0.1 Denial of Service, CIRT.DK Advisory, 2005/04/25
[Full-disclosure] [ GLSA 200504-24 ] eGroupWare: XSS and SQL injection vulnerabilities, Matthias Geerdsen, 2005/04/25
[SNS Advisory No.80] nProtect:Netizen Arbitrary File Download Vulnerability, snsadv, 2005/04/25
TSLSA-2005-0015 - postgresql, Trustix Security Advisor, 2005/04/25
E-Cart v1.1 Remote Command Execution, Nicolas Montoza, 2005/04/23
Local file detection found through Adobe Reader ActiveX control, Hyperdose Security, 2005/04/23
Multiple Sql injection and XSS in CartWIZ ASP Cart, dcrab, 2005/04/23
artmedic_links5 remote file access exploit, Adam n30n Simuntis, 2005/04/23
-==phpBB 2.0.14 Multiple Vulnerabilities==-, HaCkZaTaN, 2005/04/23
- [Full-disclosure] Re: -==phpBB 2.0.14 Multiple Vulnerabilities==-, Paul Laudanski, 2005/04/23
- [Full-disclosure] [VulnDiscuss] Re: -==phpBB 2.0.14 Multiple Vulnerabilities==-[Scanned], Paul Laudanski, 2005/04/23
  - Re: [Full-disclosure] [VulnDiscuss] Re: -==phpBB 2.0.14 Multiple Vulnerabilities==-[Scanned], Dave Aitel, 2005/04/24
    - Re: [Full-disclosure] [VulnDiscuss] Re: -==phpBB 2.0.14 Multiple Vulnerabilities==-[Scanned], Steve Friedl, 2005/04/24
    - Re: [Full-disclosure] [VulnDiscuss] Re: -==phpBB 2.0.14 Multiple Vulnerabilities==-[Scanned], bkfsec, 2005/04/25
    - [Full-disclosure] Re: -==phpBB 2.0.14 Multiple Vulnerabilities==-, Paul Laudanski, 2005/04/26
New auto download / install / exploit URL?, Gandalf The White, 2005/04/23
- RE: New auto download / install / exploit URL?, Geoff Vass, 2005/04/25
- Re: New auto download / install / exploit URL?, joke0, 2005/04/26
  - Re: New auto download / install / exploit URL?, Hermann Arens, 2005/04/28
    - Re: New auto download / install / exploit URL?, Nicob, 2005/04/28
ACSblog bug, farhad koosha, 2005/04/23
Multiple Sql injection vulnerabilities in BK Forum v.4, dcrab, 2005/04/23
[SePro Bugtraq] WBB - WoltLab Burning Board <= 2.3.1 - XSS Vulnerability (22.04.05), deluxe, 2005/04/22
FreeBSD Security Advisory FreeBSD-SA-05:05.cvs, FreeBSD Security Advisories, 2005/04/22
BitDefender 8 - Race condition vulnerability, SecuBox fRoGGz, 2005/04/22
- Re: BitDefender 8 - Race condition vulnerability, Ovidiu Constantin, 2005/04/25
[PLSN-0001] - Multiple vulnerabilities in Gaim, Peachtree Linux Security Team, 2005/04/22
RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Mark Senior, 2005/04/22
[Full-disclosure] [ GLSA 200504-23 ] Kommander: Insecure remote script execution, Sune Kloppenborg Jeppesen, 2005/04/22
[Full-disclosure] [ GLSA 200504-22 ] KDE kimgio: PCX handling buffer overflow, Sune Kloppenborg Jeppesen, 2005/04/22
Multiple vulnerabilities in Argosoft Mail Server 1.8.7.6, ShineShadow, 2005/04/22
[KDE Security Advisory]: Kommander untrusted code execution, Dirk Mueller, 2005/04/22
[KDE Security Advisory]: kimgio input validation errors, Dirk Mueller, 2005/04/22
Multiple Sql injection and XSS in Asp Nuke 0.80 (Working exploits included), dcrab, 2005/04/22
[PLSN-0003] - Remote exploits in mplayer, Peachtree Linux Security Team, 2005/04/22
- [PLSN-0003] - Remote exploits in MPlayer, Peachtree Linux Security Team, 2005/04/22
[Full-disclosure] [ GLSA 200504-21 ] RealPlayer, Helix Player: Buffer overflow vulnerability, Thierry Carrez, 2005/04/22
[Full-disclosure] UPDATE: [ GLSA 200410-10 ] gettext: Insecure temporary file handling, Sune Kloppenborg Jeppesen, 2005/04/22
[Full-disclosure] UPDATE: [ GLSA 200504-16 ] CVS: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 2005/04/22
[PLSN-0002] - Multiple vulnerabilities in Gaim, Peachtree Linux Security Team, 2005/04/21
- [PLSN-0002] - Multiple vulnerabilities in Gaim, Peachtree Linux Security Team, 2005/04/22
Canonicalization and directory traversal in iSeries FTP security products, Shalom Carmel, 2005/04/21
MDKSA-2005:077 - Updated cdrecord packages fix vulnerability, Mandriva Security Team, 2005/04/21
TSLSA-2005-0013 - cvs, Trustix Security Advisor, 2005/04/21
APG Classmaster Workstation Windows SMB share access vulnerability, Alex Garrett, 2005/04/21
[PLSN-0001] - Multiple PHP vulnerabilities, Peachtree Linux Security Team, 2005/04/21
xine security announcement: multiple heap overflows in MMS and Real RTSP streaming clients, Michael Roitzsch, 2005/04/21
MDKSA-2005:075 - Updated libcdaudio1 packages fix vulnerability, Mandriva Security Team, 2005/04/21
Vulnerability kali's tagboard, piker piker, 2005/04/21
- Re: Vulnerability kali's tagboard, Jason Dodson, 2005/04/21
- Re: Vulnerability kali's tagboard, security curmudgeon, 2005/04/28
  - Re: Vulnerability kali's tagboard, Jesus, 2005/04/28
MDKSA-2005:073 - Updated cvs packages fix vulnerability, Mandriva Security Team, 2005/04/21
MDKSA-2005:074 - Updated gnome-vfs2 packages fix vulnerability, Mandriva Security Team, 2005/04/21
MDKSA-2005:076 - Updated xli packages fix multiple vulnerabilities, Mandriva Security Team, 2005/04/21
[PLSN-0004] - Buffer overflow in PostgreSQL, Peachtree Linux Security Team, 2005/04/21
[Full-disclosure] directory traversal in Yawcam 0.2.5, Donato Ferrante, 2005/04/21
[Full-disclosure] [ GLSA 200504-20 ] openMosixview: Insecure temporary file creation, Thierry Carrez, 2005/04/21
cpio directory traversal vulnerability, Imran Ghory, 2005/04/20
PMsoftware mini http server remote stack overflow exploit (IHSTeam), c0d3r, 2005/04/20
gzip directory traversal vulnerability, Imran Ghory, 2005/04/20
Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost, 2005/04/20
- Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, David F. Skoll, 2005/04/20
  - Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost, 2005/04/20
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Tom Lane, 2005/04/20
  - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Jim C. Nasby, 2005/04/20
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Tom Lane, 2005/04/20
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Bruce Momjian, 2005/04/20
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Tom Lane, 2005/04/20
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, David F. Skoll, 2005/04/21
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Jim C. Nasby, 2005/04/20
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost, 2005/04/21
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Bruno Wolff III, 2005/04/22
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost, 2005/04/22
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Antoine Martin, 2005/04/22
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted, Stephen Frost, 2005/04/23
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted, Antoine Martin, 2005/04/23
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Joshua D. Drake, 2005/04/21
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost, 2005/04/21
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Lance James, 2005/04/21
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Tino Wildenhain, 2005/04/21
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted, Rod Taylor, 2005/04/21
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted, Tino Wildenhain, 2005/04/21
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted, Michael Samuel, 2005/04/22
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Jim Knoble, 2005/04/21
    - RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Mike Fratto, 2005/04/21
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost, 2005/04/21
    - RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Mike Fratto, 2005/04/22
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Stephen Frost, 2005/04/22
    - RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Mike Fratto, 2005/04/22
    - Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Jim Knoble, 2005/04/22
- Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords, Josh Berkus, 2005/04/21
Secure Science Corporation Application Software Advisory 055, SSC Advisory Notice, 2005/04/20
[OpenPKG-SA-2005.006] OpenPKG Security Advisory (mysql), OpenPKG, 2005/04/20
Linux vsyscalls may be used as attack vectors, Clad Strife, 2005/04/20
- Linux vsyscalls may be used as attack vectors, Clad Strife, 2005/04/20
Shoutbox SCRIPT <= 3.0.2 Administrative MD5 Username and Password Retrieval [x0n3-h4ck], CorryL, 2005/04/20
Ecommerce-Carts SQL injection vulnerability ( IHSTeam ), c0d3r, 2005/04/20
[waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3.2, Janek Vind, 2005/04/20
Annuaire Netref v4.2 [ fwrite php ] vulnerability, jaguar, 2005/04/20
Multiple Security Issues Found In AZBB, GulfTech Security Research, 2005/04/20
RE: iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability, Boyce, Nick, 2005/04/20
Multiple eGroupware Vulnerabilities, GulfTech Security Research, 2005/04/20
ICMP attacks against TCP (Proof-of-Concept code) (MS05-019, CISCO:20050412), houseofdabus HOD, 2005/04/20
Neslo Desktop Rover Remote DoS Vulnerability, Adam Baldwin, 2005/04/20
[HSC Security Group] Ocean12 Calendar manager 1.01 SQL injection, Zinho, 2005/04/20
SUSE Security Announcement: RealPlayer buffer overflow in RAM file handling (SUSE-SA:2005:026), Marcus Meissner, 2005/04/20
SUSE Security Announcement: PostgreSQL buffer overflow problems (SUSE-SA-2005:027), Marcus Meissner, 2005/04/20
DUportal Pro 3.4 has MANY Sql injection and Sql Errors., dcrab, 2005/04/20
[CLA-2005:947] Conectiva Security Announcement - MySQL, Conectiva Updates, 2005/04/20
[Full-disclosure] RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow, Piotr Bania, 2005/04/20
- Re: RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow, Göran Sandahl, 2005/04/22
[Full-disclosure] [ GLSA 200504-19 ] MPlayer: Two heap overflow vulnerabilities, Matthias Geerdsen, 2005/04/20
Capital One's website inadvertently assists phishing, Joseph Barillari, 2005/04/19
- Message not available
  - Re: Capital One's website inadvertently assists phishing, Joseph Barillari, 2005/04/20
- Re: Capital One's website inadvertently assists phishing, Allen Parker, 2005/04/20
- RE: Capital One's website inadvertently assists phishing, Rager, Anton (Anton), 2005/04/28
Announcing PAKCON II (2005)!, Ayaz Ahmed Khan, 2005/04/19
PAKCON II: Call for Papers (CfP - 2005), Ayaz Ahmed Khan, 2005/04/19
CAU - New Tool: hcraft - HTTP Vuln Request Crafter, I)ruid, 2005/04/19
File Selection May Lead to Command Execution (GM#015-IE), GreyMagic Security, 2005/04/19
UBB Thread printthread.php SQL Injection, Hillel Himovich, 2005/04/19
RE: ERNW Security Advisory 01/2005 [ EXPLOIT ], cybertronic, 2005/04/19
Directoy Traversal Attack in apexec.pl (.%00./-Bug), msdarkflyer, 2005/04/19
Portcullis Security Advisory 05-012 Ebay Session Riding Vulnerability, Paul J Docherty, 2005/04/19
- RE: Portcullis Security Advisory 05-012 Ebay Session Riding Vulnerability, GulfTech Security Research, 2005/04/19
MDKSA-2005:072 - Updated php packages fix multiple vulnerabilities, Mandriva Security Team, 2005/04/19
[Full-disclosure] MS05-021 Microsoft Exchange X-LINK2STATE Heap Overflow PoC, Evgeny Pinchuk, 2005/04/19
[Full-disclosure] [ GLSA 200504-18 ] Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities, Thierry Carrez, 2005/04/19
[Full-disclosure] [ GLSA 200504-17 ] XV: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 2005/04/19
[Full-disclosure] - Argeniss - Oracle exploits and workarounds, Cesar, 2005/04/18
The first open source spyware, gilbert nzeka, 2005/04/18
[Full-disclosure] iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability, iDEFENSE Labs, 2005/04/18
[Full-disclosure] [ GLSA 200504-16 ] CVS: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 2005/04/18
[Full-disclosure] [AppSecInc Team SHATTER Security Advisory] SQL Injection in CREATE_SCN_CHANGE_SET procedure, Team SHATTER, 2005/04/18
[Full-disclosure] [AppSecInc Team SHATTER Security Advisory] SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure, Team SHATTER, 2005/04/18
[Full-disclosure] [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_METADATA package, Team SHATTER, 2005/04/18
[Full-disclosure] [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages, Team SHATTER, 2005/04/18
[Full-disclosure] [AppSecInc Team SHATTER Security Advisory] Denial of Service in Oracle interMedia, Team SHATTER, 2005/04/18
[Full-disclosure] RE: Firelinking [Firefox 1.0.2], Scovetta, Michael V, 2005/04/18
[Full-disclosure] ERNW Security Advisory 01/2005, Mailinglists, 2005/04/18
phpBB - Knowledge Base MOD - SQL-Injection and Full Path Disclosure, deluxe, 2005/04/18
Vulnerability in Coppermine Photo Gallery 1.3.*, GHC team, 2005/04/18
- Re: Vulnerability in Coppermine Photo Gallery 1.3.*, nibbler999, 2005/04/20
SUSE Security Announcement: cvs (SUSE-SA:2005:024), Sebastian Krahmer, 2005/04/18
[Full-disclosure] [ GLSA 200504-15 ] PHP: Multiple vulnerabilities, Thierry Carrez, 2005/04/18
[Full-disclosure] Firelinking [Firefox 1.0.2], mikx, 2005/04/18
[Full-disclosure] Firesearching 1 + 2 [Firefox 1.0.2], mikx, 2005/04/18
[Full-disclosure] [ECL] Windows IP Options DoS POC [ECL], Yuri Gushin, 2005/04/17
Require many large corporate emails for contact regarding vulnerability., dcrab, 2005/04/16
phpBB datenbank mod has XSS/SQL Injection in the id variable, tom cruise, 2005/04/16
[DR001] AppleWebKit XMLHttpRequest arbitrary file disclosure vulnerability, David Remahl, 2005/04/16
Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below, dcrab, 2005/04/15
- Re: Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below, Amit Klein (AKsecurity), 2005/04/18
- Re: Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below, JeiAr, 2005/04/15
  - [Full-disclosure] Re: Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below, Paul Laudanski, 2005/04/15
  - [Full-disclosure] [VulnDiscuss] Re: Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below[Scanned], Paul Laudanski, 2005/04/16
[Overflow.pl] Libsafe - Safety Check Bypass Vulnerability, Overflow.pl, 2005/04/15
Mafia Blog, Francisco Alisson, 2005/04/15
[ECHO_ADV_12$2005] Vulnerabilities in sphpblog, echo staff, 2005/04/15
Vulnerabilities in sphpblog, echo staff, 2005/04/15
Enumeration of AS/400 users and their status via POP3, Shalom Carmel, 2005/04/15
Arbitrary file overwrite possible by Musicmatch ActiveX control, Hyperdose Security, 2005/04/15
myBloggie 2.1.1, Francisco Alisson, 2005/04/15
Dameware NT Utilities and MiniRemote Control <= 4.9 vulnerability, Jordi Corrales, 2005/04/15
[Overflow.pl] GOCR - Multiple vulnerabilities, Overflow.pl, 2005/04/15
windux-linux-gui-rainbow-lanman-cracker released, Philippe Oechslin, 2005/04/15
Improper log file storage in Musicmatch software, Hyperdose Security, 2005/04/15
FreeBSD Security Advisory FreeBSD-SA-05:04.ifconf, FreeBSD Security Advisories, 2005/04/15
[Full-disclosure] [ GLSA 200504-14 ] monkeyd: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 2005/04/15
[Full-disclosure] [ GLSA 200504-13 ] OpenOffice.Org: DOC document Heap Overflow, Sune Kloppenborg Jeppesen, 2005/04/15
Trusted Site Cross Site Scripting Elevation of Privilege in Musicmatch, Hyperdose Security, 2005/04/14
Trojan file issue in Musicmatch software, Hyperdose Security, 2005/04/14
Multiple multiple sql injection/errors and xss vulnerabilities in OneWorldStore, dcrab, 2005/04/14
BCS Asia 2005 Slides and pictures, Anthony Zboralski, 2005/04/14
Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup UniversalAgent buffer overflow vulnerability, Williams, James K, 2005/04/14
Security Contact for NetApp ?, Fabrice Marie, 2005/04/14
- Re: Security Contact for NetApp ?, Antonio Varni, 2005/04/14
sumus[v0.2.2]: (httpd) remote buffer overflow exploit., Vade 79, 2005/04/14
All4WWW-Homepagecreator Remote Command Execution, Francisco Alisson, 2005/04/14
MDKSA-2005:071 - Updated gaim packages fix multiple vulnerabilities, Mandriva Security Team, 2005/04/14
[Full-disclosure] Multiple vulnerabilities in Yager 5.24, Luigi Auriemma, 2005/04/14
[Full-disclosure] Internet Explorer wininet.dll URL parsing memory corruption technical details, 3APA3A, 2005/04/14
[Full-disclosure] [USN-112-1] PHP4 vulnerabilities, Martin Pitt, 2005/04/14
[Full-disclosure] [USN-111-1] Squid vulnerability, Martin Pitt, 2005/04/14
serendipity SQL Injection vulnerability, kreon, 2005/04/13
- Re: serendipity SQL Injection vulnerability, sebastian, 2005/04/14
Multiple Sql injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules., dcrab, 2005/04/13
LG U8120 Mobile Phone Denial of Service, Luca Ercoli, 2005/04/13
HTTP RESPONSE SPLITTING by Diabolic Crab, dcrab, 2005/04/13
- Re: HTTP RESPONSE SPLITTING by Diabolic Crab, Amit Klein (AKsecurity), 2005/04/18
ms05016 POC, zwell zwell, 2005/04/13
MDKSA-2005:070 - Updated MySQL packages fix vulnerability, Mandrakelinux Security Team, 2005/04/13
NetManage RUMBA 7.4 Profile Handling Multiple Buffer Overflow Vulnerabilities, Bahaa Naamneh, 2005/04/13
cpio TOCTOU file-permissions vulnerability, Imran Ghory, 2005/04/13
- Re: cpio TOCTOU file-permissions vulnerability, Steve G, 2005/04/19
Gld 1.5 released (security fix), Salim Gasmi, 2005/04/13
[Full-disclosure] IBM WebSphere Widespread configuration JSP disclosure, SPI Labs, 2005/04/13
[Full-disclosure] [ GLSA 200504-12 ] rsnapshot: Local privilege escalation, Thierry Carrez, 2005/04/13
[VulnWatch] Windows kernel overflow fixed, NGSSoftware Insight Security Research, 2005/04/13
[Full-disclosure] [ GLSA 200504-11 ] JunkBuster: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 2005/04/13
zOOM Media Gallery - Simple SQL Injection discovery, Andreas Constantinides, 2005/04/13
'Widcomm BTW (Microsoft Windows BT stack) Directory Transversal', KF (lists), 2005/04/13
[Full-disclosure] [ GLSA 200504-10 ] Gld: Remote execution of arbitrary code, Sune Kloppenborg Jeppesen, 2005/04/13
[VulnWatch] Multiple medium risk flaws fixed in new version of PHP (late advisory), NGSSoftware Insight Security Research, 2005/04/13
[VulnWatch] Patch available for critical Veritas i3 Server vulnerability, NGSSoftware Insight Security Research, 2005/04/13
[VulnWatch] Multiple High Risk flaws fixed in Oracle, NGSSoftware Insight Security Research, 2005/04/13
WordPress XSS and HTML injection, Nicolas Montoza, 2005/04/13
Window Washer 6.0: False Sense of Security, WBG Links, 2005/04/13
DoKuWiki file-upload vulnerabilities, kreon, 2005/04/13
JavaMail allows directory traversal in attachments, Rafael San Miguel Carrasco, 2005/04/12
QuickTime for Windows malformed GIF DoS, liquid, 2005/04/12
Re: Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3, Dionysios G. Synodinos, 2005/04/12
Centra 7 XSS Exploit, Clorox, 2005/04/12
[Full-disclosure] Placing Backdoors Through Firewalls, Sumy, 2005/04/12
eGroupWare Leaks Files, Gerald Quakenbush, 2005/04/12
IRM 011: Sygate,Security Agent (Sygate Secure Enterprise) Fail Open DoS, IRM Advisories, 2005/04/12
[Full-disclosure] Details and PoC for MS05-020 MSIE DHTML Object handling vulnerabilities, Berend-Jan Wever, 2005/04/12
iDEFENSE Security Advisory 04.12.05: Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability, iDEFENSE Labs, 2005/04/12
[Full-disclosure] [ GLSA 200504-09 ] Axel: Vulnerability in HTTP redirection handling, vorlon, 2005/04/12
iDEFENSE Security Advisory 04.12.05: Microsoft Windows Internet Explorer Long Hostname Heap Corruption Vulnerability, iDEFENSE Labs, 2005/04/12
iDEFENSE Security Advisory 04.12.05: Microsoft MSHTA Script Execution Vulnerability, iDEFENSE Labs, 2005/04/12
iDEFENSE Security Advisory 04.12.05: Microsoft Windows CSRSS.EXE Stack Overflow Vulnerability, iDEFENSE Labs, 2005/04/12
[VulnWatch] GLD (Greylisting daemon for Postfix) multiple vulnerabilities., dong-hun you, 2005/04/12
WebCT 4.1 vulnerable to XSS attacks, lacertosum, 2005/04/12
7a69Adv#23 - Jar tool directory transversal vulnerability, Pluf, 2005/04/12
Microsoft Jet (msjet40.dll) Exploit, Stuart Pearson, 2005/04/11
rsnapshot Security Advisory 001, security, 2005/04/11
rpdump TOCTOU file-permissions vulnerability, Imran Ghory, 2005/04/11
XV multiple buffer overflows (update), Greg Roelofs, 2005/04/11
AzDGDatingPlatinum multiple vulnerabilities, kre0n, 2005/04/11
Directory transversal, sql injection and xss vulnerabilities in RadBids Gold v2, dcrab, 2005/04/11
Sql injection in jPortal version 2.3.1 (module banner), Marcin \"CiNU5\" Krupowicz, 2005/04/11
- Sql injection in jPortal version 2.3.1 (module banner), Marcin \"CiNU5\" Krupowicz, 2005/04/12
[WHITEPAPER] Bugger The Debugger, Brett Moore, 2005/04/11
Microsoft Windows image rendering DoS vuln, Andrew, 2005/04/11
- Re: Microsoft Windows image rendering DoS vuln, patrick, 2005/04/20
  - Message not available
    - Message not available
    - Message not available
    - Re: Microsoft Windows image rendering DoS vuln, patrick, 2005/04/21
    - Re: Microsoft Windows image rendering DoS vuln, Randy, 2005/04/22
    - Re: Microsoft Windows image rendering DoS vuln, Jesse Morgan, 2005/04/22
- Microsoft Windows image rendering DoS vuln, Luis Alberto Cortes Zavala, 2005/04/22
OpenOffice DOC document Heap Overflow, lee xiaojun, 2005/04/11
Invision board 1.3.1 and below are vulnerable to a sql injection vulnerability [PATCH INCLUDED], dcrab, 2005/04/11
Zone-H 2004 statistics are ready to be downloaded, Gerardo Astharot Di Giacomo, 2005/04/11
iDEFENSE Security Advisory 04.11.05: Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer Overflow, iDEFENSE Labs, 2005/04/11
[Full-disclosure] [ GLSA 200504-08 ] phpMyAdmin: Cross-site scripting vulnerability, Luke Macken, 2005/04/11
================================ GNU Core Utilities race condition file-permissions vulnerability ================================ Software: mkdir, mknod, mkfifo Version: Part of GNU Core Utilities 5.2.1 Software URL: <http://www.gnu.org/software/cor, Imran Ghory, 2005/04/11
- Re: ================================ GNU Core Utilities race condition file-permissions vulnerability ================================ Software: mkdir, mknod, mkfifo Version: Part of GNU Core Utilities 5., Pavel Kankovsky, 2005/04/16
Miranda IM and Miranda Installer Let Local Users Execute Arbitrary Code, Kozan, 2005/04/11
- RE: Miranda IM and Miranda Installer Let Local Users Execute Arbitrary Code, Richard Stanway, 2005/04/11
TowerBlog <= 0.6 Admin Account View [x0n3-h4ck], CorryL, 2005/04/11
Multiple ModernBill 4.3.0 And Earlier Vulnerabilities, GulfTech Security Research, 2005/04/11
SUSE Security Announcement: various KDE security problems (SUSE-SA:2005:022), Marcus Meissner, 2005/04/11
OpenText FirstClass 8.0 Client Arbitrary File Execution, dila, 2005/04/11
RE: [Full-disclosure] How to Report a Security Vulnerability toMicrosoft, Airey, John, 2005/04/11
[VulnWatch] zOOM Media Gallery - Simple SQL Injection discovery, Andreas Constantinides, 2005/04/11
[Full-disclosure] OpenOffice DOC document Heap Overflow, adlab, 2005/04/11
[Full-disclosure] [USN-110-1] Linux kernel vulnerabilities, Martin Pitt, 2005/04/11
[Full-disclosure] UPDATE: [ GLSA 200503-35 ] Smarty: Template vulnerability, Thierry Carrez, 2005/04/10
[Full-disclosure] [Artice] Click Fraud FAQ, Sumy, 2005/04/09
UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : telnet client multiple issues, please_reply_to_security, 2005/04/09
iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability, iDEFENSE Labs, 2005/04/09
- RE: iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability, Larry Seltzer, 2005/04/13
Double Choco Latte Remote Code Execution, JeiAr, 2005/04/09
Pafiledb ACTION Parameter XSS, tom cruise, 2005/04/09
PunBB <= 1.2.4 - change email to become admin exploit, exploits@nopiracy.de, 2005/04/09
phpBB Upload Script "up.php" Arbitrary File Upload, Status-x, 2005/04/08
[Full-disclosure] How to Report a Security Vulnerability to Microsoft, Microsoft Security Response Center, 2005/04/08
- RE: [Full-disclosure] How to Report a Security Vulnerability toMicrosoft, Randall M, 2005/04/09
MDKSA-2005:069 - Updated gdk-pixbuf packages fix vulnerability, Mandrakelinux Security Team, 2005/04/08
MDKSA-2005:068 - Updated gtk+2.0 packages fix vulnerability, Mandrakelinux Security Team, 2005/04/08
MacOSX Java Runtime Environment Remote Denial-of-Service (DoS) Vulnerability, Marc Schoenefeld, 2005/04/08
Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3, dcrab, 2005/04/08
- Re: Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3, Maksymilian Arciemowicz, 2005/04/13
MDKSA-2005:067 - Updated sharutils packages fix multiple vulnerabilities, Mandrakelinux Security Team, 2005/04/08
[Full-disclosure] [ GLSA 200504-07 ] GnomeVFS, libcdaudio: CDDB response overflow, Thierry Carrez, 2005/04/08
[Full-disclosure] Article: Web Server Defacements, Sumy, 2005/04/07
OpenServer 5.0.6 OpenServer 5.0.7 : cscope local attacker can remove arbitrary files, please_reply_to_security, 2005/04/07
UnixWare 7.1.4 : cdrecord local root exploit, please_reply_to_security, 2005/04/07
UnixWare 7.1.4 : libtiff Multiple vulnerabilities, please_reply_to_security, 2005/04/07
UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : CDE dtlogin unspecified double free, please_reply_to_security, 2005/04/07
OpenServer 5.0.6 OpenServer 5.0.7 : termsh atcronsh auditsh environment buffer overflows, please_reply_to_security, 2005/04/07
Macromedia Security Bulletin - ColdFusion MX 6.1, Macromedia Security Zone, 2005/04/07
[SECURITYREASON.COM] phpnuke 7.6 Multiple vulnerabilities in Web_Links Module cXIb8O3.14, Maksymilian Arciemowicz, 2005/04/07
[SECURITYREASON.COM] phpnuke 7.6 Multiple vulnerabilities in Downloads Module cXIb8O3.13, Maksymilian Arciemowicz, 2005/04/07
iDEFENSE Security Advisory 04.07.05: SGI IRIX gr_osview File Overwrite Vulnerability, iDEFENSE Labs, 2005/04/07
iDEFENSE Security Advisory 04.07.05: SGI IRIX gr_osview Information Disclosure Vulnerability, iDEFENSE Labs, 2005/04/07
[SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability, chewkeong, 2005/04/07
Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability, Adam Back, 2005/04/07
[Full-disclosure] Nokia Terminal Gateway default installation vulnerability, Miracle Maker, 2005/04/07
[Full-disclosure] [ GLSA 200504-06 ] sharutils: Insecure temporary file creation, Luke Macken, 2005/04/06
[waraxe-2005-SA#041] - Critical Sql Injection in PhpNuke 6.x-7.6 Top module, Janek Vind, 2005/04/06
- [Full-disclosure] Re: [waraxe-2005-SA#041] - Critical Sql Injection in PhpNuke 6.x-7.6 Top module, Paul Laudanski, 2005/04/09
- [Full-disclosure] [VulnDiscuss] Re: [waraxe-2005-SA#041] - Critical Sql Injection in PhpNuke 6.x-7.6 Top module[Scanned], Paul Laudanski, 2005/04/09
LiteCommerce Sql injection and reveling errors vulnerability, dcrab, 2005/04/06
[NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure, John Cobb, 2005/04/06
- RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure, Ravish Ahuja, 2005/04/06
- RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure, John Cobb, 2005/04/06
iDEFENSE Security Advisory 04.06.05: IBM Lotus Domino Server Web Service DoS Vulnerability, iDEFENSE Labs, 2005/04/06
FreeBSD Security Advisory FreeBSD-SA-05:03.amd64, FreeBSD Security Advisories, 2005/04/06
Active Auction House has multiple Sql injection, error and XSS vulnerabilities, dcrab, 2005/04/06
OSX - trojan apps can bypass authentication controls and gain root privilages, bert, 2005/04/06
- Re: OSX - trojan apps can bypass authentication controls and gain root privilages, KF (lists), 2005/04/06
runcms/e-xoops 1.1A and below file upload vulnerability, pokley, 2005/04/06
- [Full-disclosure] Re: runcms/e-xoops 1.1A and below file upload vulnerability, pokley, 2005/04/07
Microsoft Explorer Denial of Service, Luca Ercoli, 2005/04/06
- RE: Microsoft Explorer Denial of Service, Larry Seltzer, 2005/04/06
- Re: Microsoft Explorer Denial of Service, Des Ward, 2005/04/06
- Re: Microsoft Explorer Denial of Service, Luca Ercoli, 2005/04/11
drone armies C&C report - March/2005, Gadi Evron, 2005/04/06
[Full-disclosure] [ GLSA 200504-05 ] Gaim: Denial of Service issues, Luke Macken, 2005/04/06
[Full-disclosure] [ GLSA 200504-04 ] mit-krb5: Multiple buffer overflows in telnet client, Thierry Carrez, 2005/04/06
[Full-disclosure] [USN-109-1] MySQL vulnerability, Martin Pitt, 2005/04/06
[Full-disclosure] crontab from vixie-cron allows read other users crontabs, Karol Więsek, 2005/04/06
- Re: crontab from vixie-cron allows read other users crontabs, Richard Moore, 2005/04/06
- [Full-disclosure] Re: crontab from vixie-cron allows read other users crontabs, Gadi Evron, 2005/04/06
- [Full-disclosure] Re: crontab from vixie-cron allows read other users crontabs, David Malone, 2005/04/06
Smartcard-Logon and NTLM-Backward Compatability, Jan P. Monsch, 2005/04/05
- Re: Smartcard-Logon and NTLM-Backward Compatability, Saqib Ali, 2005/04/06
MailEnable Smtpd remote Dos [x0n3-h4ck], CorryL, 2005/04/05
iDEFENSE Security Advisory 04.05.05: Computer Associates eTrust Intrusion Detection System CPImportKey DoS, iDEFENSE Labs, 2005/04/05
[OpenPKG-SA-2005.005] OpenPKG Security Advisory (imapd), OpenPKG, 2005/04/05
[Full-disclosure] [USN-108-1] GDK vulnerability, Martin Pitt, 2005/04/05
Sanboxed browsing and authentication credentials, Max Moser, 2005/04/05
SQL INJECTION in DLMan Pro. PHPBB Mod., rock master, 2005/04/05
iDEFENSE Labs Releases OllyDbg Breakpoint Manager, iDEFENSE Labs, 2005/04/05
TSLSA-2005-0011 - kernel, Trustix Security Advisor, 2005/04/05
[Full-disclosure] MailEnable Imapd remote BoF + Exploit [x0n3-h4ck], expanders, 2005/04/05
FreeBSD Security Advisory FreeBSD-SA-05:02.sendfile, FreeBSD Security Advisories, 2005/04/05
[SECURITYREASON.COM] Full path disclosure and XSS in PHPNuke part 3, sp3x, 2005/04/05
Logics Software BS2000 Host to Web Client ALL PLATFORMS, Román Ramírez, 2005/04/05
SQL INJECTION in LinksLinks Pro. PHPBB Mod., rock master, 2005/04/05
gzip TOCTOU file-permissions vulnerability, Imran Ghory, 2005/04/05
- Re: gzip TOCTOU file-permissions vulnerability, Martin Pitt, 2005/04/13
  - Re: gzip TOCTOU file-permissions vulnerability, Derek Martin, 2005/04/13
  - Re: gzip TOCTOU file-permissions vulnerability, Peter J. Holzer, 2005/04/13
  - Re: gzip TOCTOU file-permissions vulnerability, Joey Hess, 2005/04/13
    - Re: gzip TOCTOU file-permissions vulnerability, psz, 2005/04/14
    - Re: gzip TOCTOU file-permissions vulnerability, Theodor Milkov, 2005/04/15
  - Re: gzip TOCTOU file-permissions vulnerability, Derek Martin, 2005/04/14
- RE: gzip TOCTOU file-permissions vulnerability, Mark Senior, 2005/04/14
  - Re: gzip TOCTOU file-permissions vulnerability, Derek Martin, 2005/04/14
  - Re: gzip TOCTOU file-permissions vulnerability, devnull, 2005/04/15
    - Re: gzip TOCTOU file-permissions vulnerability, Dmitry Yu. Bolkhovityanov, 2005/04/16
  - Re: gzip TOCTOU file-permissions vulnerability, Peter J. Holzer, 2005/04/15
  - Re: gzip TOCTOU file-permissions vulnerability, Scott Gifford, 2005/04/15
- Re: gzip TOCTOU file-permissions vulnerability, Steve Grubb, 2005/04/14
[Full-disclosure] [USN-107-1] racoon vulnerability, Martin Pitt, 2005/04/05
[VulnWatch] Sybase ASE Multiple Security Issues (#NISR05042005), NGSSoftware Insight Security Research, 2005/04/05
[Full-disclosure] [USN-106-1] Gaim vulnerabilities, Martin Pitt, 2005/04/05
Re: [Full-disclosure] I need uh Qwik-Fix please sho 'nuff!, Jason Coombs, 2005/04/05
- Re: [Full-disclosure] I need uh Qwik-Fix please sho 'nuff!, Jason Coombs, 2005/04/05
[Full-disclosure] [USN-105-1] PHP4 vulnerabilities, Martin Pitt, 2005/04/05
Authenticaion bypass, Directory transversal and XSS vulnerabilities in PayProCart 3.0 - Profitcode Software, dcrab, 2005/04/04
phpMyAdmin Cross-site Scripting Vulnerability, Oriol Torrent Santiago, 2005/04/04
Disclosure of AS/400 user accounts via the FTP server, Shalom Carmel, 2005/04/04
SonicWALL SOHO/10 - XSS vulnerability, Oliver Karow, 2005/04/04
[CLA-2005:946] Conectiva Security Announcement - MySQL, Conectiva Updates, 2005/04/04
ArGoSoft FTP Server is still vuln + PoC exploit code (IHSTeam), c0d3r, 2005/04/04
Full path disclosure and XSS in PHPNuke, SecurityReason, 2005/04/04
[SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12, Maksymilian Arciemowicz, 2005/04/04
- [Full-disclosure] Re: [SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12, Paul Laudanski, 2005/04/09
- [Full-disclosure] [VulnDiscuss] Re: [SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12[Scanned], Paul Laudanski, 2005/04/09
possible privilege escalation on Sco OpenServer 5.0.7, pasquale minervini, 2005/04/04
Local buffer overflow on Aeon<=0.2a, patr0n, 2005/04/04
SUSE Security Announcement: kernel local privilege escalation (SUSE-SA:2005:021), Marcus Meissner, 2005/04/04
[Full-disclosure] Microsoft Windows Internet Name Service (WINS) Remote Heap Overflow Exploit, class101@HAT-SQUAD.com, 2005/04/04
[Full-disclosure] [ GLSA 200504-03 ] Dnsmasq: Poisoning and Denial of Service vulnerabilities, Thierry Carrez, 2005/04/04
[Full-disclosure] [USN-104-1] unshar vulnerability, Martin Pitt, 2005/04/04
- Re: [Full-disclosure] [USN-104-1] unshar vulnerability, Florian Weimer, 2005/04/04
Re: [Full-disclosure] (PAPER) "Vision of danger: The Firefox Greasemonkey", Justin J. Novack, 2005/04/04
Yet Another Forum.net XSS vulnerabilities, maty siman, 2005/04/02
How to write remote exploits ( V. 1.1), Sumy, 2005/04/02
- Re: [Full-disclosure] How to write remote exploits ( V. 1.1), emilio, 2005/04/04
  - Re: [Full-disclosure] How to write remote exploits ( V. 1.1), Florian Maier, 2005/04/05
AlstraSoft EPay Pro v2.0 has file include and multiple xss vulnerabilities, dcrab, 2005/04/02
MDKSA-2005:065 - Updated ImageMagick packages fix multiple vulnerabilities, Mandrakelinux Security Team, 2005/04/02
MDKSA-2005:066 - Updated grip packages fix vulnerability, Mandrakelinux Security Team, 2005/04/02
RE: Microsoft Windows Server 2003 "Shell Folders" Directory Traversal Vulnerability, Eiji James Yoshida, 2005/04/02
In-game server crash in Call of Duty 1.5b and United Offensive 1.51b, Luigi Auriemma, 2005/04/02
In-game server buffer-overflow in Jedi Academy 1.011, Luigi Auriemma, 2005/04/02
In-game players kicking in the Quake 3 engine, Luigi Auriemma, 2005/04/02
Re: bzip2 TOCTOU file-permissions vulnerability, Steve Grubb, 2005/04/02
- Re: bzip2 TOCTOU file-permissions vulnerability, Jason V. Miller, 2005/04/02
- Re: bzip2 TOCTOU file-permissions vulnerability, Steve Grubb, 2005/04/14
[Full-disclosure] [ GLSA 200504-02 ] Sylpheed, Sylpheed-claws: Buffer overflow on message display, Thierry Carrez, 2005/04/02
multiple remote denial of service vulnerabilities in Gaim, Jean-Yves Lefort, 2005/04/01
Information leak in the Linux kernel ext2 implementation, Arkoon Security Team, 2005/04/01
Solaris 10 Containers / Zones Security Flaw, jim allan, 2005/04/01
- Re: Solaris 10 Containers / Zones Security Flaw, Robert Escue, 2005/04/02
- Re: Solaris 10 Containers / Zones Security Flaw, Jonathan Katz, 2005/04/02
- Re: Solaris 10 Containers / Zones Security Flaw, jim allan, 2005/04/04
  - Re: Solaris 10 Containers / Zones Security Flaw, Darren Reed, 2005/04/04
DMA[2005-0401a] - 'IVT BlueSoleil Directory Transversal', KF (Lists), 2005/04/01
Buffer Overflow within the RUMBA product, Bahaa Naamneh, 2005/04/01
Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities, Thor (Hammer of God), 2005/04/01
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities, Denis Jedig, 2005/04/02
  - Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities, Thor (Hammer of God), 2005/04/04
  - Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities, Steve Shockley, 2005/04/04
    - Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities, Son SonOfLilit, 2005/04/04
Re: cPanel/WHM demo account problems, Darren, 2005/04/01
[Hat-Squad Advisory] Bakbone NetVault Heap overflow Vulnerabilities, Hat-Squad Security Team, 2005/04/01
PayPal "security" measures, Jeremy Rasmussen, 2005/04/01
- AW: PayPal "security" measures, Michael Rueve, 2005/04/04
  - Re: AW: PayPal "security" measures, David F. Russell, 2005/04/04
  - Re: AW: PayPal 'security' measures, mike, 2005/04/04
  - RE: AW: PayPal "security" measures, J B, 2005/04/04
  - Re: AW: PayPal "security" measures, Rainer Duffner, 2005/04/04
- RE: PayPal "security" measures, McAllister, Andrew, 2005/04/04
  - Re: PayPal "security" measures, sh0rtie, 2005/04/06
- RE: PayPal "security" measures, McAllister, Andrew, 2005/04/06
iDEFENSE Security Advisory 03.31.05: PHP getimagesize() Multiple Denial of Service Vulnerabilities, iDEFENSE Labs, 2005/04/01
[Full-disclosure] CAU-2005-0001: Chat Service Users - "Oops! Wrong Window" Information Disclosure, I)ruid, 2005/04/01
[Full-disclosure] [ GLSA 200504-01 ] telnet-bsd: Multiple buffer overflows, Thierry Carrez, 2005/04/01
[Full-disclosure] [USN-103-1] Linux kernel vulnerabilities, Martin Pitt, 2005/04/01