Network Security Archives

Vulnerability Development (date)

[Thread Index] [Top] [All Lists]

May 31, 2005

[Full-disclosure] A short warning on the X11 Editres protocol, Florian Weimer, 20:25
504T and now also 604T remote access., alessandro, 20:25
[Full-disclosure] Reminder: XGrabKeyboard is not a security interface, Florian Weimer, 20:25
Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4, Alberto Trivero, 20:25
Re: Citrix security contact, security curmudgeon, 20:25
[Full-disclosure] ISR :: Infobyte Security Research :: (ISR-form.pl), famato, 20:25
Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3, Justin, 20:25
Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3, Todd C. Miller, 20:25
multiple vulnerability Calendarix Advanced, DarkBicho, 20:25
Re: [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3, Ow Mun Heng, 20:25
Wide-scale industrial espionage using Trojan horses in Israel, Gadi Evron, 20:24
[XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3, Xnuxer Security, 20:24
PowerDownload Remote File Inclusion, SoulBlack Group, 20:24
Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3, Marcus Meissner, 20:24
Re: Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005), Benton Lam, 20:24
Nortel VPN Router Malformed Packet DoS Vulnerability, Roy Hills, 20:24
RE: Microsoft Internet Explorer - Crash on adding sites to restri cted zone (05/28/2005), Hohn, Joerg, 20:24
TSL-2005-0025 - binutils, Trustix Security Advisor, 20:24
Spam exploiting MS05-016, Nick FitzGerald, 20:24
TSL-2005-0026 - multi, Trustix Security Advisor, 20:24
Re: Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005), - k -, 20:24
SyScAN'05, organiser@syscan.org, 20:24
[Full-disclosure] [Argeniss] MS05-012 Exploit, Cesar, 20:24
MDKSA-2005:095 - Updated gdb packages fix vulnerabilities, Mandriva Security Team, 20:23
Multiple vulnerabilities in x-cart Gold, CENSORED, 20:23
MyBB 1.0 RC4 XSS Bug, August Christopher, 20:23
CYBSEC - PHPMailer Infinite Loop Denial of Service, Mariano Nuñez Di Croce, 20:23
[Full-disclosure] Crash in Stronghold 2 1.2, Luigi Auriemma, 20:23
Format String Vulnerability In Peercast 0.1211 And Earlier, GulfTech Security Research, 20:23
PicoWebServer Remote Unicode Stack Overflow, Dennis Elser, 20:23
Microsoft Internet Explorer - Crash on to many stack overflows (05/28/2005), Benjamin Tobias Franz, 20:23
Microsoft Internet Explorer - Crash on processing embedded files with endless loop (05/28/2005), Benjamin Tobias Franz, 20:23
Microsoft Internet Explorer - Crash on JavaScript "window()"-calling (05/28/2005), Benjamin Tobias Franz, 20:23
Microsoft Internet Explorer - Crash on adding sites to restricted zone (05/28/2005), Benjamin Tobias Franz, 20:23

May 29, 2005

[Full-disclosure] Compuware Softice (DbgMsg driver) Local Denial Of Service, Piotr Bania, 09:55

May 28, 2005

[Full-disclosure] Cygwin Bash Buffer Overflow, Rodrigo Gutierrez, 22:51

May 27, 2005

SQL Injection Exploit for myBloggie 2.1.1 - 2.1.2, Alberto Trivero, 19:20
Re: User32.dll Icon Size Crash, Daniel Souza, 19:10
RE: ACROS Security: HTML Injection in BEA WebLogic Server Console (2), ACROS Security, 18:59
Re: [SECURITY] [DSA 729-1] New PHP4 packages fix denial of service, John GALLET, 18:49
Citrix security contact, Eyal Udassin, 18:29
DSL-504T (and maybe many other) remote access without password bug, alessandro, 18:29
RE: CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability, Williams, James K, 18:09
[Full-disclosure] [AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability, Team SHATTER, 16:38
[Full-disclosure] [AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability, Team SHATTER, 16:38
User32.dll Icon Size Crash, - k -, 16:08
PostNuke Critical SQL Injection and XSS 0.750=>x, sp3x, 15:18
PHP Stat Administrative User Authentication Bypass, SoulBlack Group, 14:57
[Full-disclosure] [USN-136-2] Fixed packages for USN-136-1, Martin Pitt, 12:45
[Full-disclosure] [USN-136-1] binutils vulnerability, Martin Pitt, 09:44
[Full-disclosure] [ GLSA 200505-20 ] Mailutils: Multiple vulnerabilities in imap4d and mail, Thierry Carrez, 09:44
[Full-disclosure] [USN-135-1] gdb vulnerabilities, Martin Pitt, 09:34
[Full-disclosure] [USN-114-2] Fixed packages for USN-114-1, Martin Pitt, 09:24

May 26, 2005

[Full-disclosure] Mozilla 1.7.8 filehandle-error/win32, the.soylent, 18:37
[security bulletin] SSRT5899 rev.0 - HP-UX trusted system remote unauthorized access, Boren, Rich (SSRT), 17:27
Re: Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk, Arne Vidström, 16:36
[security bulletin] SSRT4884 rev.0 - HP-UX TCP/IP Remote Denial of Service (DoS), Boren, Rich (SSRT), 16:26
Re: ACROS Security: HTML Injection in BEA WebLogic Server Console (2), Will Schroeder, 16:26
[security bulletin] SSRT5954 rev.1 - HP-UX TCP/IP Remote Denial of Service (DoS), Boren, Rich (SSRT), 16:16
Re: [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability, jamesbug, 16:16
Meteor FTP Server: PoC Exploit, Dim K0r0l, 15:56
Re: Multiple Sql injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules., security curmudgeon, 15:46
Re: PowerLink WAN Aggregator - Vunerability, preasoner, 15:46
Invision Power Board 1.* and 2.* Exploit (BID 13529), Petey Beege, 14:55
Re: PHP Injection in PHP Poll Creator, Michael Cordover, 14:45
Alwil Software Avast Antivirus Device Driver Memory Overwrite Vulnerability, Piotr Bania, 14:35
[Full-disclosure] Buffer-overflow in C'Nedra 0.4.0, Luigi Auriemma, 13:55
[Full-disclosure] Buffer-overflow and crash in Terminator 3: War of the Machines 1.16, Luigi Auriemma, 13:45
[Full-disclosure] [USN-134-1] Firefox vulnerabilities, Martin Pitt, 13:34
Re: [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability, jamesbug, 11:23
[Full-disclosure] [USN-133-1] Apache utility vulnerability, Martin Pitt, 10:53
[Full-disclosure] [ GLSA 200505-19 ] gxine: Format string vulnerability, Thierry Carrez, 09:22

May 25, 2005

davfs2 does not honour Unix permissions, martin f krafft, 19:17
High Risk Vulnerability in L-Soft's LISTSERV Server, NGSSoftware Insight Security Research, 18:46
[Full-disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : nwprint privilege escalation, please_reply_to_security, 18:26
PHP Injection in PHP Poll Creator, rash ilusion, 16:35
[Full-disclosure] shtool insecure temporary file creation, ZATAZ.net, 16:05
exim 4.40 exploit, plugger, 15:55
[Full-disclosure] iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d Format String Vulnerability, iDEFENSE Labs, 15:35
[Full-disclosure] iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d FETCH Command Resource Consumption DoS Vulnerability, iDEFENSE Labs, 15:35
[Full-disclosure] iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability, iDEFENSE Labs, 15:35
[Full-disclosure] iDEFENSE Security Advisory 05.25.05: GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability, iDEFENSE Labs, 15:35
[Full-disclosure] Zone Labs ZoneAlarm Vet anti-virus engine OLE processing vulnerability, Zone Labs Product Security, 14:24

May 24, 2005

Javamail Multiple Information Disclosure Vulnerabilities, Ricky Latt, 19:46
[Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP SELECT Command DoS Vulnerability, iDEFENSE Labs, 18:26
[Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability, iDEFENSE Labs, 18:26
[Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP LOGIN Remote Buffer Overflow Vulnerabilities, iDEFENSE Labs, 18:26
[Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability, iDEFENSE Labs, 18:16
[Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP LSUB DoS Vulnerability, iDEFENSE Labs, 18:16
[Full-disclosure] Re: Endless loop in Halo 1.06, Joel Esler, 17:05
[Full-disclosure] Re: Endless loop in Halo 1.06, Joel Esler, 17:05
ACROS Security: HTML Injection in BEA WebLogic Server Console (1), ACROS Security, 16:45
ACROS Security: HTML Injection in BEA WebLogic Server Console (2), ACROS Security, 16:25
Gforge - viewFile.php security flaw, Filippo Spike Morelli, 16:15
Blue Coat Reporter multiple remote vulnerabilities, Oliver Karow, 15:54
CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability, Williams, James K, 15:44
[Full-disclosure] Endless loop in Halo 1.06, Luigi Auriemma, 14:03

May 23, 2005

[Full-disclosure] [ GLSA 200505-18 ] Net-SNMP: fixproc insecure temporary file creation, Sune Kloppenborg Jeppesen, 18:34
[Full-disclosure] [ GLSA 200505-17 ] Qpopper: Multiple Vulnerabilities, Sune Kloppenborg Jeppesen, 17:54
[Full-disclosure] RE: Security issue in Microsoft Outlook, Keenan Smith, 17:44
Meteor FTP Server v1.5 Buffer Overflow, Auston J, 15:23
Cookie Cart Default Installation Multiple Vulnerabilities, SoulBlack Group, 15:03
SQL injections in PortailPHP, CENSORED, 14:52
[Full-disclosure] Format string and crash in Warrior Kings 1.3 and Battles 1.23, Luigi Auriemma, 13:42
[Full-disclosure] Computer Associates Vet Antivirus Library Remote Heap Overflow, list, 12:41
[Full-disclosure] [USN-132-1] ImageMagick vulnerabilities, Martin Pitt, 10:00
[Full-disclosure] [USN-131-1] Linux kernel vulnerabilities, Martin Pitt, 07:19

May 21, 2005

[SECURITYREASON.COM] PostNuke SQL Injection 0.750=>x, Maksymilian Arciemowicz, 19:05
pst.advisory 2005-21: gxine remote exploitable . opensource is god .lol windows, yan feng, 18:15
[SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=>x, Maksymilian Arciemowicz, 18:15
[SECURITYREASON.COM] PostNuke XSS and Full path disclosure 0.760RC3=>x, Maksymilian Arciemowicz, 18:05
[SECURITYREASON.COM] PostNuke XSS 0.760{RC2,RC3}, Maksymilian Arciemowicz, 17:55
[Full-disclosure] [ GLSA 200505-16 ] ImageMagick, GraphicsMagick: Denial of Service vulnerability, Thierry Carrez, 13:43

May 20, 2005

[UPDATE] UNICODE BUFFER OVERFLOW IN MS-WORD, Bahaa Naamneh, 18:25
[Full-disclosure] RE: Security issue in Microsoft Outlook, David Corn, 17:24
[BuHa Security] Wordpress SQL-Injection, Thomas Waldegger, 16:54
Security contact for Trillian, Suramya Tomar, 16:54
Re: [Full-disclosure] Security issue in Microsoft Outlook, Dan Margolis, 16:44
episodex guestbook security bypass & html injection, farhad koosha, 16:44
worm "postcard" e-mail issue, M. Perri, 16:34
picasm error handling stack overflow vulnerability, Shaun Colley, 16:24
pst.advisory: gedit fun. opensource is god .lol windows, yan feng, 15:54
[Full-disclosure] RE: Security issue in Microsoft Outlook, David Corn, 14:03
[Full-disclosure] [ GLSA 200505-15 ] gdb: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 11:01
[Full-disclosure] ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability, Sune Kloppenborg Jeppesen, 10:41
[Full-disclosure] UPDATE: [ GLSA 200504-23 ] Kommander: Insecure remote script execution, Sune Kloppenborg Jeppesen, 10:31
[Full-disclosure] AW: Security issue in Microsoft Outlook, Aufmuth Andreas, 08:00

May 19, 2005

[Full-disclosure] RE: Security issue in Microsoft Outlook, Patch Now, 21:55
[Full-disclosure] Possible proxy scan for proactive countermeasures?, the rxmr, 17:43
phpATM arbitrary PHP code inclusion, Ingvar Gilbert, 17:43
UNICODE BUFFER OVERFLOW IN MS-WORD, Bahaa Naamneh, 17:43
JavaMail Information Disclosure (msgno), Ricky Latt, 17:33
Re: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05), deluxe, 17:23
D-Link DSL routers authentication bypass, Francesco Orro, 16:53
Re: [Full-disclosure] NOVELL ZENWORKS MULTIPLE REMXXTE STACK & HEAP OVERFLOWS, bart2k, 16:53
MDKSA-2005:092 - Updated gzip packages fix several vulnerabilities, Mandriva Security Team, 16:43
MDKSA-2005:091 - Updated bzip2 packages fix multiple vulnerabilities, Mandriva Security Team, 16:33
MDKSA-2005:090 - Updated nasm packages fix vulnerability, Mandriva Security Team, 16:23
MDKSA-2005:089 - Updated cdrdao packages fix local root vulnerability, Mandriva Security Team, 16:12
[Full-disclosure] [ GLSA 200505-14 ] Cheetah: Untrusted module search path, Sune Kloppenborg Jeppesen, 14:42
[Full-disclosure] [USN-130-1] TIFF library vulnerability, Martin Pitt, 13:11
[Full-disclosure] Re: Security issue in Microsoft Outlook, M. Moreno, 12:10
Re: [Full-disclosure] Re: Security issue in Microsoft Outlook, Joachim Schipper, 12:10
[Full-disclosure] Re: Security issue in Microsoft Outlook, Kevin Martin, 12:10
[Full-disclosure] RE: Security issue in Microsoft Outlook, Steve Bostedor, 12:00
[Full-disclosure] Re: Security issue in Microsoft Outlook, Jens Becker, 08:58
RE: [Active Spam - GGL Filter] [Full-disclosure] AW: Security issue in Microsoft Outlook, irfan . syed, 08:37
[Full-disclosure] Re: Security issue in Microsoft Outlook, Harshad, 08:27
[Full-disclosure] Re: Security issue in Microsoft Outlook, Tom Gallagher, 08:27
[Full-disclosure] RE: Security issue in Microsoft Outlook, Simon Dever, 08:27
[Full-disclosure] Re: Security issue in Microsoft Outlook, Jesse Morgan, 08:27
[Full-disclosure] RE: Security issue in Microsoft Outlook, Scovetta, Michael V, 08:27
[Full-disclosure] AW: Security issue in Microsoft Outlook, Stein, Wilhelm Michael, 08:27
[Full-disclosure] RE: Security issue in Microsoft Outlook, Domingos Bruges, 08:17
[Full-disclosure] [FLSA-2005:152815] Updated libtiff packages fix security issues, Marc Deslauriers, 05:06

May 18, 2005

[Full-disclosure] Re: Security issue in Microsoft Outlook, Nick FitzGerald, 21:22
[FLSA-2005:152771] Updated pam packages fix security issue, Marc Deslauriers, 20:22
[FLSA-2005:152883] Updated mozilla packages fix security issues, Marc Deslauriers, 20:12
[Full-disclosure] Security issue in Microsoft Outlook, Bakchodiya, 19:52
[Full-disclosure] NOVELL ZENWORKS MULTIPLE REMÃTE STACK & HEAP OVERFLOWS, list, 19:21
Re: Mac OS X - Adobe Version Cue local root exploit [c version exploit], Vade 79, 18:31
[Full-disclosure] UnixWare 7.1.4 : Updated mozilla fixes many security issues, please_reply_to_security, 18:21
Re: Yahoo! Messenger may be storing all session data 'Unencoded' on the local machine, Torseq Tech., 18:01
Re: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05), Steven M. Christey, 17:30
Windows (XP, 2k3, Longhorn) is vulnerable to IpV6 Land attack., Konrad Malewski, 16:29
Help Center Live Vulnerabilities, GulfTech Security Research, 15:18
Re: Windows image size crash, cmthemc, 15:08
Yahoo! Messenger may be storing all session data 'Unencoded' on the local machine, Torseq Tech., 14:57
[Full-disclosure] [USN-129-1] Squid vulnerability, Martin Pitt, 11:46
[VulnWatch] Linux kernel pktcdvd ioctl break user space limit vulnerability [corrected], bugs, 01:42

May 17, 2005

MDKSA-2005:088-1 - Updated mozilla-firefox packages re-enable extensions, Mandriva Security Team, 21:00
[CLA-2005:953] Conectiva Security Announcement - kde, Conectiva Updates, 20:40
Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability, alert7, 20:30
[Full-disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : telnet client multiple issues, please_reply_to_security, 18:18
[Full-disclosure] [USN-128-1] nasm vulnerability, Martin Pitt, 14:16
[Full-disclosure] [ GLSA 200505-13 ] FreeRADIUS: Buffer overflow and SQL injection vulnerability, Sune Kloppenborg Jeppesen, 12:35
[Full-disclosure] [USN-127-1] bzip2 vulnerabilities, Martin Pitt, 11:04
[Full-disclosure] MySQL < 4.0.12 && MySQL <= 5.0.4 : Insecure tmp file handling, ZATAZ.net, 08:53

May 16, 2005

cdrdao exploit for mandrake 10.2 ( Mandriva 2005), newbug Tseng, 19:17
[SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05), deluxe, 19:07
Mac OS X - Adobe Version Cue local root exploit [c version exploit], ali reza AcTiOnSpIdEr, 18:57
Pico Server (pServ) Remote Command Injection, Claus R. F. Overbeck, 18:37
Pico Server (pServ) Information Disclosure Of CGI Sources, Claus R. F. Overbeck, 18:17
Pico Server (pServ) Local Information Disclosure, Claus R. F. Overbeck, 18:07
Woltlab Burning Board SQL Injection Vulnerability, GulfTech Security Research, 17:57
DotNetNuke (Multiple XSS), Mark Woan, 17:47
Multiple Vulnerabilities in MetaCart e-Shop, dedi dwianto, 17:26
[Full-disclosure] Re: Postnuke 0.750 - 0.760rc4 local file inclusion, Paul Laudanski, 14:15
[Full-disclosure] Postnuke 0.750 - 0.760rc4 local file inclusion, pokley, 03:20

May 15, 2005

[Full-disclosure] [ GLSA 200505-12 ] PostgreSQL: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 08:52
[Full-disclosure] [ GLSA 200505-11 ] Mozilla Suite, Mozilla Firefox: Remote compromise, Sune Kloppenborg Jeppesen, 06:21

May 14, 2005

MDKSA-2005:088 - Updated mozilla packages fix multiple vulnerabilities, Mandriva Security Team, 17:56
Skull-Splitter's Guestbook Multiple XXS/HTML injection, Morinex Eneco, 17:26
Re: Windows image size crash, Bernhard Mitterer, 17:06
Gaim 1.2.1 -- PoC Stack Overflow, Ron, 16:15
[Full-disclosure] [ GLSA 200505-10 ] phpBB: Cross-Site Scripting Vulnerability, Sune Kloppenborg Jeppesen, 12:04

May 13, 2005

Yahoo! Chat Add Buddy Without Consent Privacy Issue, Torseq Tech., 20:58
PHPHeaven PHPMyChat Cross-site Scripting Vulnerablitiy, Megasky, 19:57
Re: Windows image size crash, Oliver J. Morais, 19:37
Re: Windows image size crash, Giuseppe `lan` Marocchio, 19:37
Yahoo! Messenger URL Handler Remote DoS Vulnerability, Torseq Tech., 19:27
Re: Linux kernel ELF core dump privilege elevation, codeQ, 19:17
OpenBB SQL Injection & Cross-site Scripting Vulnerability, Megasky, 19:07
Re: Linux kernel ELF core dump privilege elevation (kernel module workaround), chris, 18:57
Re: phpbb 2.0.15 released - patches high critical vuln, Paul Laudanski, 18:47
cross-domain cookie theft: who's to blame?, Tim Tompkins, 18:36
Windows image size crash, RSnake, 18:36
Willings WebCam - Password Disclosure Issue, SecuBox fRoGGz, 18:16
Ultimate PHP Board (UPB) Security Advisory, Morinex Eneco, 14:54
[Full-disclosure] OpenServer 5.0.7 UnixWare 7.1.4 UnixWare 7.1.3 : Hyper-Threading information leakage, please_reply_to_security, 14:44
Re: Linux kernel ELF core dump privilege elevation, Pedro Venda, 14:44
32-bit qmail fun (qmail-pop3d) (fwd), Lars Olsson, 14:34
ITU 2005 Call For Papers, Michal Szymanski, 14:24
FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED], FreeBSD Security Advisories, 14:04
[Full-disclosure] OllyDbg "INT3 AT" Format String Vulnerability, Piotr Bania, 11:33
[Full-disclosure] [FLSA-2005:155508] Updated cvs package fixes security issues, Marc Deslauriers, 08:51
[Full-disclosure] [USN-126-1] GNU TLS library vulnerability, Martin Pitt, 08:01
[Full-disclosure] [FLSA-2005:152871] Updated nfs-utils package fixes security issue, Marc Deslauriers, 05:00
[Full-disclosure] [FLSA-2005:152912] Updated imap packages fix security issues, Marc Deslauriers, 05:00
[Full-disclosure] [FLSA-2005:154988] Updated openoffice.org packages fix security issues, Marc Deslauriers, 04:50
[Full-disclosure] [FLSA-2005:152763] Updated qt packages fixes security issues, Marc Deslauriers, 03:19
[Full-disclosure] [FLSA-2005:152768] Updated ruby package fixes security issues, Marc Deslauriers, 03:19
[Full-disclosure] [FLSA-2005:152804] Updated openmotif packages fix image vulnerability, Marc Deslauriers, 03:19
[Full-disclosure] [FLSA-2005:152856] Updated sudo packages fix security issue, Marc Deslauriers, 03:19

May 12, 2005

[Full-disclosure] Netvault Remote Heap Overflow (another one), nolimit bugtraq, 22:05
[Full-disclosure] Re: phpbb 2.0.15 released - patches high critical vuln, Paul Laudanski, 20:24
htdigest exploit code [bid 13537], K sPecial, 19:24
Re: Linux kernel ELF core dump privilege elevation, antoine, 19:04
Re: Linux kernel ELF core dump privilege elevation (kernel module workaround), Andrew Griffiths, 18:54
MDKSA-2005:084 - Updated gnutls packages fix vulnerabilities, Mandriva Security Team, 17:53
MDKSA-2005:085 - Updated kdelibs packages fix vulnerabilities, Mandriva Security Team, 17:43
MDKSA-2005:086 - Updated gaim packages fix multiple vulnerabilities, Mandriva Security Team, 17:33
MDKSA-2005:087 - Updated tcpdump packages fix multiple vulnerabilities, Mandriva Security Team, 17:23
Acrowave AAP-3100AR authetication bypass, Martin Tornwall, 17:13
Directtopics Multiple Vulnerabilities (Security Advisory), Morinex Eneco, 17:03
Re: Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk, Thor Arne Johansen, 16:22
Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks, Anton Ivanov, 16:12
Security Advisory for Bugzilla 2.18, 2.19.2, and 2.16.8, Max Kanat-Alexander, 16:02
Firefox 1.0.4 released. Several vulnerabilities fixed, Paul, 15:52
[Full-disclosure] [USN-125-1] Gaim vulnerabilities, Martin Pitt, 14:52
[Full-disclosure] [USN-124-2] Fixed packages for USN-124-1, Martin Pitt, 14:42
Re: [Full-disclosure] [DR018] Quartz Composer / QuickTime 7 information leakage, adf--at--Code511.com, 09:29
[Full-disclosure] [ GLSA 200505-09 ] Gaim: Denial of Service and buffer overflow vulnerabilties, Sune Kloppenborg Jeppesen, 02:36
RE: TCP/IP implementations do not adequately validate ICMP error messages, David Schwartz, 01:16
Yappa-NG Multiple Vulnerabilities, GulfTech Security Research, 01:06
Re: SPAM-HIGH: TCP/IP implementations do not adequately validate ICMP error messages, David Nichols, 00:05
Re: Firefox Crash??, Jeremy Kelley, 00:05

May 11, 2005

Re: Linux kernel ELF core dump privilege elevation, Paul Starzetz, 23:55
Re: Firefox Crash??, Joxean Koret, 22:55
Re: Linux kernel ELF core dump privilege elevation, Greg KH, 22:55
Re: Firefox Crash??, Christophe Lucas, 22:45
[Full-disclosure] [DR018] Quartz Composer / QuickTime 7 information leakage, David Remahl, 22:14
Re: Authentication bypass, sql injections and xss in ArticleLive 2005, Steven M. Christey, 21:54
Re: Linux kernel ELF core dump privilege elevation, Bruno Lustosa, 21:34
Ethereal <= 0.10.10 SIP dissector stack overflow DoS exploit, Shaun Colley, 21:14
Re: TCP/IP implementations do not adequately validate ICMP error messages, Maciej Soltysiak, 20:54
Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk, Arne Vidström, 20:44
Re: Linux kernel ELF core dump privilege elevation, Greg KH, 20:24
Re: TCP/IP implementations do not adequately validate ICMP error messages, Peter Keel, 20:13
[HSC Security Group] MaxWebPortal - Multiple SQL injection/XSS, Zinho, 20:13
Re: [Full-disclosure] Which is the best anti-spyware cleaner?, Paul Laudanski, 20:13
[Full-disclosure] Which is the best anti-spyware cleaner?, Paul Laudanski, 20:03
[Full-disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison., please_reply_to_security, 16:21
Metasploit Framework v2.4, H D Moore, 15:10
MDKSA-2005:083 - Updated ethereal packages fix multiple vulnerabilities, Mandriva Security Team, 14:50
[VulnWatch] Linux kernel ELF core dump privilege elevation, Paul Starzetz, 14:39
Re: [Full-disclosure] BakBone NetVault last warning, class, 11:04
[Full-disclosure] BakBone NetVault last warning, class, 10:54
[Full-disclosure] [Scan Associates Advisory] Neteyes Nexusway multiple vulnerability, pokley, 08:53
[Full-disclosure] [USN-124-1] Mozilla and Firefox vulnerabilities, Martin Pitt, 05:11

May 10, 2005

[Full-disclosure] Guesbook Pro XSS & HTML Injection, SoulBlack Group, 22:49
WowBB view_user.php SQL Injection Vulnerability, Megasky, 21:38
CAIF 1.2 released, Oliver Goebel, 19:07
Gamespy cd-key validation system: "Cd-key in use" DoS versus many games, Luigi Auriemma, 19:07
Firefox Crash??, orebla Orebla, 18:46
TCP/IP implementations do not adequately validate ICMP error messages, Alok Menghrajani - Ilion Security SA, 18:36
TSLSA-2005-0021 - squid, Trustix Security Advisor, 18:26
[Full-disclosure] [ GLSA 200505-08 ] HT Editor: Multiple buffer overflows, Sune Kloppenborg Jeppesen, 18:16
[Full-disclosure] [ GLSA 200505-07 ] libTIFF: Buffer overflow, Sune Kloppenborg Jeppesen, 18:16
New Macromedia Security Zone Bulletin Posted, Macromedia Security Zone, 18:16
[Full-disclosure] Crash in Zoidcom 1.0 beta 4, Luigi Auriemma, 17:25
Esqo advisory: GeoVision Digital Video Surveillance System - Multiple authentication issues, Tirath Rai, 14:14
[Full-disclosure] remote root security bug in ethereal 0.9.13 >= and <= 0.10.10, suresec advisories, 07:00

May 09, 2005

Viruses can evade Sophos Anti-Virus, xerces8, 18:04
[Full-disclosure] [ GLSA 200505-06 ] TCPDump: Decoding routines Denial of Service vulnerability, Sune Kloppenborg Jeppesen, 17:44
[Full-disclosure] [ GLSA 200505-05 ] gzip: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 17:34
Re: firefox 1.0.3 spoof+auto dl, Paul, 17:34
Advanced Guestbook 2.3.1, Spy Hat, 17:24
Firefox Remote Compromise Technical Details, Paul, 17:14
Re: Can't trust COMODO - An Update, Gunter Ollmann, 16:43
Firefox Remote Compromise Leaked, Paul, 16:33
Announcement: The Web Security Mailing List, contact, 16:33
NISCC Vulnerability Advisory IPSEC - 004033, albatross, 16:23
Re: MegaBook V2.0 - Cross Site Scripting Exploit, Spy Hat, 15:33
PwsPHP v1.2.2 Final - Multiples vulnerabilities, SecuBox fRoGGz, 15:23
[Full-disclosure] [ GLSA 200505-04 ] GnuTLS: Denial of Service vulnerability, Matthias Geerdsen, 06:58

May 08, 2005

[Full-disclosure] Easy Message Board Directory Traversal and Remote Command, SoulBlack Group, 20:14
[Full-disclosure] 32-bit qmail fun (qmail-pop3d), Lars Olsson, 08:59
[Full-disclosure] phpbb 2.0.15 released - patches high critical vuln, Paul Laudanski, 02:17
[Full-disclosure] [SecurityLab] Ethereal 0.10.10 SIP Dissector Overflow, Ejovi Nuwere, 00:26

May 07, 2005

firefox 1.0.3 spoof+auto dl, john smith, 17:33
[Full-disclosure] Ethereal <= 0.10.10 single UDP packet DoS, Nicob, 10:40
[Full-disclosure] Re: [SEC-1 LTD] RSA SecurID Web Agent Heap Overflow, Vin McLellan, 10:40
[USN-120-1] Apache 2 vulnerability, Martin Pitt, 01:26

May 06, 2005

[Full-disclosure] Re: [SEC-1 LTD] RSA SecurID Web Agent Heap Overflow, Kevin, 21:05
4d WebSTAR 5.x Web Server Mac OS X Buffer Overflow, Braden Thomas, 20:14
Secure Science Corporation Advisory CSA-056, SSC Advisory Notice, 17:53
PHP Advanced Transfer Manager v1.21, tjomi4, 16:12
FreeBSD Security Advisory FreeBSD-SA-05:08.kmem, FreeBSD Security Advisories, 16:02
FreeBSD Security Advisory FreeBSD-SA-05:07.ldt, FreeBSD Security Advisories, 15:52
FreeBSD Security Advisory FreeBSD-SA-05:06.iir, FreeBSD Security Advisories, 15:42
[Full-disclosure] [ GLSA 200505-03 ] Ethereal: Numerous vulnerabilities, Sune Kloppenborg Jeppesen, 15:42
MDKSA-2005:081 - Updated XFree86/XOrg packages fix libXpm vulnerabilities, Mandriva Security Team, 15:32
Multiple Vulnerabilities In Invision Power Board, GulfTech Security Research, 15:22
Re: MegaBook V2.0 - Cross Site Scripting Exploit, Morning Wood, 15:01
MDKSA-2005:082 - Updated OpenOffice.org packages fix heap overflow vulnerability, Mandriva Security Team, 14:41
Sql Injection in CJ Ultra Plus v1.0.3-1.0.4, Kold, 14:21
Multiple vulnearabilities in e107 cms, hennoj, 14:11
Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks, Michal Zalewski, 14:01
Mac OS 10.4: new-account-wizzard in Mail 2.0 sends clear-text passwords, Markus Wörle, 14:01
[Full-disclosure] [USN-123-1] Xine library vulnerabilities, Martin Pitt, 12:30
MegaBook V2.0 - Cross Site Scripting Exploit, Spy Hat, 10:29
[Full-disclosure] [USN-122-1] Squid vulnerability, Martin Pitt, 09:08
[Full-disclosure] [USN-121-1] OpenOffice.org vulnerability, Martin Pitt, 07:58
[Full-disclosure] [SEC-1 LTD] RSA SecurID Web Agent Heap Overflow, Gary O'leary-Steele, 07:07
[Full-disclosure] [USN-119-1] tcpdump vulnerabilities, Martin Pitt, 05:47

May 05, 2005

[Full-disclosure] Re: directory traversal in SimpleCam 1.2, pingywon, 23:34
Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks, H D Moore, 21:53
[Full-disclosure] [ GLSA 200505-02 ] Oops!: Remote code execution, Luke Macken, 20:43
[hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart, Exoduks, 20:13
Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks, Michal Zalewski, 19:42
DMA[2005-0502a] - 'Apple OSX multiple Bluetooth vulnerabilities', Kevin Finisterre, 19:32
[Full-disclosure] Port 1025 netvenuechat, Sherwyn Williams, 18:42
Re: AWStats <= 6.4 Multiple vulnerabilities, Laurent Destailleur, 18:22
Multiple Vulnerabilities In osTicket, GulfTech Security Research, 17:31
RE: ASP.NET __VIEWSTATE crypto validation prone to replay attacks, Tim Farley, 17:11
Multiple Vulnerabilities In SitePanel2, GulfTech Security Research, 17:01
Multiple vulnerabilities in myBloggie 2.1.1, Alberto Trivero, 17:01
dSMTP - SMTP Mail Server 3.1b Linux Remote Root Format String Exploit, cybertronic, 16:41
Oracle 10g DBMS_SCHEDULER SESSION_USER issue, Alexander Kornbrust, 16:31
Oracle 9i / 10g Fine Grained Auditing Issue, Alexander Kornbrust, 16:20
MRO Maximo v4 & v5, Felix, 15:50
iDEFENSE Security Advisory 05.04.05: Apple Mac OS X vpnd Server_id Buffer Overflow Vulnerability, iDEFENSE Labs, 15:40
Local file detection bug found through Adobe SVG Viewer, Hyperdose Security, 15:20
Multiple vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, ShineShadow, 14:49
Gossamer Threads Links SQL login XSS Vulnerability, Nathan House, 14:39
iDEFENSE Security Advisory 05.03.05: Mac OS X Server NeST -target Buffer Overflow Vulnerability, iDEFENSE Labs, 14:19
Golden Ftp Server Pro - Directory Traversal Vuln, Lachlan. H, 14:09
Authentication bypass, sql injections and xss in ArticleLive 2005, dcrab, 14:09
Multiple SQL injections and XSS in FishCart 3.1, dcrab, 13:59
[HSC Security Group] ASP Inline Corporate Calendar SQL injection, Zinho, 13:38

May 04, 2005

[Full-disclosure] directory traversal in SimpleCam 1.2, Donato Ferrante, 15:48
[Full-disclosure] Gamespy cd-key validation system: Cd-key never in use, Luigi Auriemma, 15:18
[Full-disclosure] Gamespy cd-key validation system: "Cd-key in use" DoS versus many games, Luigi Auriemma, 15:18
[VulnWatch] leafnode security announcement leafnode-SA-2005-01, Matthias Andree, 15:07
RE: [Full-disclosure] Re: [VulnWatch] Hotmail Advisories, Luis A. Cortes Zavala, 14:27
[Full-disclosure] [USN-118-1] PostgreSQL vulnerabilities, Martin Pitt, 13:06
[Full-disclosure] Local root vuln in VPN daemon on MacOS X, Pieter de Boer, 12:16
Re: [Full-disclosure] Re: [VulnWatch] Hotmail Advisories, Jerome Athias, 10:55
[Full-disclosure] Re: [VulnWatch] Hotmail Advisories, Sherwyn Williams, 10:25
[Full-disclosure] Hotmail Advisories, Luis A. Cortes Zavala, 07:44
[Full-disclosure] Hotmail Advisories, Luis A. Cortes Zavala, 07:34
[Full-disclosure] [USN-117-1] cvs vulnerability, Martin Pitt, 07:34
[Full-disclosure] [USN-116-1] gzip vulnerabilities, Martin Pitt, 07:34

May 03, 2005

[VulnWatch] Advisories for 4 vulnerabilities addressed by Apple SU 2005-005, David Remahl, 20:39
[VulnWatch] Hotmail Advisories, Luis A. Cortes Zavala, 19:38
[Full-disclosure] [USN-115-1] Kommander vulnerability, Martin Pitt, 14:26
ASP.NET __VIEWSTATE crypto validation prone to replay attacks, Michal Zalewski, 13:05
[Full-disclosure] [USN-114-1] kimgio vulnerability, Martin Pitt, 10:13
[Full-disclosure] [USN-113-1] libnet-ssleay-perl vulnerability, Martin Pitt, 09:33

May 02, 2005

Re: Apache hacks (./atac, d0s.txt), Nick Bright, 21:57
tHorK FrameWork Beta v0.1::: another exploit framework, gilbert nzeka, 21:47
[CLA-2005:952] Conectiva Security Announcement - kernel, Conectiva Updates, 21:37
Directory Traversal Vuln - RaidenFTPD 2.4 < Build 2241, Lachlan. H, 21:17
Re: Apache hacks (./atac, d0s.txt), Steve Kemp, 21:17
Re: Apache hacks (./atac, d0s.txt), Jay D. Dyson, 21:07
Re: Apache hacks (./atac, d0s.txt), KF (lists), 20:57
Re: Privilege escalation in BulletProof FTP Server v2.4.0.31 [PoC], Jerome ATHIAS, 20:36
Re: Apache hacks (./atac, d0s.txt), Robert Zilbauer, 20:26
Can't trust COMODO, Gunter Ollmann (NGS), 20:16
Re: Apache hacks (./atac, d0s.txt), Skip Carter, 20:16
Re: Apache hacks (./atac, d0s.txt), Luiz Henrique, 20:06
Regions bank phishing scam, Ryan S, 19:56
Re: Apache hacks (./atac, d0s.txt), Daniel Cid, 19:56
Re: Apache hacks (./atac, d0s.txt), Sagiko, 19:46
Re: Apache hacks (./atac, d0s.txt), Chris Umphress, 19:36
JGS-Portal 3.0.1 SQL-Injection, admin, 19:26
Golden FTP Server Pro Remote Buffer Overflow Exploit, mohamed amhemed, 19:16
Re: Apache hacks (./atac, d0s.txt), a.list.address@gmail.com, 18:45
Insecure pty permissions in OS X < 10.4, Matt Johnston, 18:45
DMA[2005-0501a] - 'ARPUS/Ce setuid buffer overflow and file overwrite', KF (lists), 16:24
[Full-disclosure] Multiple Vulnerabilities in Video Cam Server 1.0.0, Donato Ferrante, 10:10

May 01, 2005

[Full-disclosure] [ GLSA 200505-01 ] Horde Framework: Multiple XSS vulnerabilities, Luke Macken, 14:22
[Full-disclosure] Clients format string and server crash in Mtp-Target 1.2.2, Luigi Auriemma, 14:02