Network Security Archives

Vulnerability Development (date)

[Thread Index] [Top] [All Lists]

July 31, 2005

[Full-disclosure] [ GLSA 200508-01 ] Compress::Zlib: Buffer overflow, Sune Kloppenborg Jeppesen, 23:37
Re: [Full-disclosure] OT: Looking for beta testers for Two-FactorAuthentication Service, Mohit Muthanna, 19:05
Re: [Full-disclosure] OT: Looking for beta testers for Two-FactorAuthentication Service, Kurt Seifried, 18:15
[Full-disclosure] OT: Looking for beta testers for Two-Factor Authentication Service, Mohit Muthanna, 17:45
[Full-disclosure] [ GLSA 200507-29 ] pstotext: Remote execution of arbitrary code, Stefan Cornelius, 09:31
Re: [Full-disclosure] Undisclosed Sudo Vulnerability ?, Jim Clausing, 04:59

July 30, 2005

[Full-disclosure] Did you miss us yet?, Phrack Staff, 21:26
Re: Undisclosed Sudo Vulnerability ?, babarr, 16:34
Re: Undisclosed Sudo Vulnerability ?, Kurt Seifried, 16:34
[Full-disclosure] The Java applet sandbox and stateful firewalls, Florian Weimer, 16:04
Undisclosed Sudo Vulnerability ?, Esler, Joel - Contractor, 15:24
[Full-disclosure] [ GLSA 200507-28 ] AMD64 x86 emulation base libraries: Buffer overflow, Thierry Carrez, 12:53
RO CP root exploit, fjlj, 11:52
[HSC Security Group] SQL Injection in Product Cart 2.6, zinho, 11:42
Trillian Ver 3.1 saves password's in plain Text, Suramya Tomar, 11:42
Tool release: Xprobe2 v0.3, Ofir Arkin, 11:32
Kent's Guestbook database exploit, l--s, 11:22
PC-EXPERIENCE/TOPPE CMS Security Advisory, rat, 10:32
Kayako liveResponse Multiple Vulnerabilities, GulfTech Security Research, 10:21
RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices, Alexander Klimov, 10:11
RE: [VOIPSEC] VoIP-Phones: Weakness in proccessing SIP-Notify-Messages, Walton, John Michael (John), 10:01

July 29, 2005

[Full-disclosure] Kshout Data Disclosure, group@soulblack.com.ar, 16:43
Re[2]: [Full-disclosure] SPIDynamics WebInspect Cross-ApplicationScripting (XAS), 3APA3A, 08:56
MDKSA-2005:127 - Updated mozilla-thunderbird packages fix multiple vulnerabilities, Mandriva Security Team, 08:26
MDKSA-2005:126 - Updated fetchmail packages fix vulnerability, Mandriva Security Team, 08:26
SPIDynamics WebInspect Cross-ApplicationScripting (XAS), Security-Alert, 08:16
[Full-disclosure] [USN-156-1] TIFF vulnerability, Martin Pitt, 03:23

July 28, 2005

[Full-disclosure] nProtect solutions arbitrary file download and execute vulnerability, Park Gyutae, 22:01
[Full-disclosure] [FLSA-2005:163559] Updated php packages fix security issues, Marc Deslauriers, 20:51
Website Baker Project Multiple Vulnerabilities, thegreatone2176, 20:20
Re: eBay phishing - phishers are getting better, [at], 19:50
Re: Re : [Firefox Bug 302187] New: Shared section vulnerability when opening microsoft office document resulting in DoS, sylvain . roger, 18:59
Cross Site Scripting vulnerabilities in GForge, Joxean Koret, 18:29
[OpenPKG-SA-2005.015] OpenPKG Security Advisory (spamassassin), OpenPKG, 18:19
Re: several vulnerabilities present in Belkin wireless routers, E. Kellinis, 16:08
[Full-disclosure] Advisory 12/2005: UseBB Multiple Vulnerabilities, Stefan Esser, 15:37
Thomson Web Skill Vantage Manager, walter . sobchak, 15:37
Re: eBay phishing - phishers are getting better, Ivaylo Zashev, 15:07
Re: On classifying attacks, Crispin Cowan, 14:57
Vulnerability in Linksys Router access, Nick Simicich, 14:37
Re: Getting round website authentication with Firefox, James Tait, 14:17
Re: PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities, at, 13:56
PhpList Sql Injection and Path Disclosure, thegreatone2176, 13:46
Re: Getting round website authentication with Firefox, Nate Smith, 13:26
Re: LSS Security Advisory: Winamp remote buffer overflow vulnerability, b0fnet, 13:26
[Full-disclosure] [USN-155-2] Updated Epiphany packages to match Mozilla security update, Martin Pitt, 13:16
Re: 3Com launches vulnerability-buying program, Paul Schmehl, 11:55
uguestbook exploit, l--s, 11:35
Re: 3Com launches vulnerability-buying program, Matt Palmer, 11:25
Re: RE: Peter Gutmann data deletion theaory?, Simple Nomad, 11:15
Re: Getting round website authentication with Firefox, Christopher Kunz, 10:45
Re: several vulnerabilities present in Belkin wireless routers, E. Kellinis, 10:14
HAURI live update. Arbitrary remote file download and execute vulnerability, saintlinu, 10:14
[OpenPKG-SA-2005.016] OpenPKG Security Advisory (fetchmail), OpenPKG, 10:04
GNU Mailutils imap4d v0.6 remote format string exploit, coki, 09:54
SUSE Security Announcement: zlib denial of service (SUSE-SA:2005:043), Ludwig Nussel, 09:44
[OpenPKG-SA-2005.014] OpenPKG Security Advisory (zlib), OpenPKG, 07:43
MDKSA-2005:125 - Updated clamav packages fix more vulnerabilities, Mandriva Security Team, 07:23
[VulnWatch] HP OpenView Radia Management Agent remote command execution via directory traversal, NGSSoftware Insight Security Research, 06:32
[Full-disclosure] [USN-149-3] Ubuntu 4.10 update for Firefox vulnerabilities, Martin Pitt, 03:51

July 27, 2005

[Full-disclosure] [ GLSA 200507-27 ] Ethereal: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 23:09
[Full-disclosure] UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : RPCBind updated to prevent remote Denial of Service attack, please_reply_to_security, 19:07
Re: [BugTraq] Peter Gutmann data deletion theaory?, Volker Kuhlmann, 18:37
RE: Peter Gutmann data deletion theaory?, dave kleiman, 18:27
Re: Peter Gutmann data deletion theaory?, Casper . Dik, 18:07
Re: Peter Gutmann data deletion theaory?, devnull, 17:57
Getting round website authentication with Firefox, account . throw, 17:27
Re: On classifying attacks, Crispin Cowan, 16:16
Spyware database lists, Paul Laudanski, 15:35
Re: Peter Gutmann data deletion theaory?, Alexander L. Ivanchev, 14:45
Re: Getting round website authentication with Firefox, Shalom Carmel, 14:25
RE: Peter Gutmann data deletion theaory?, Bret Morey, 12:54
Re: Peter Gutmann data deletion theaory?, Casper . Dik, 12:34
RE: On classifying attacks, Black, Michael, 11:54
RE: [Full-disclosure] SPIDynamics WebInspect Cross-ApplicationScripting (XAS), DAN MORRILL, 11:44
FreeBSD Security Advisory FreeBSD-SA-05:18.zlib, FreeBSD Security Advisories, 11:33
Re: Peter Gutmann data deletion theaory?, Andreas Beck, 10:53
Shared section vulnerability when opening microsoft office document resulting in DoS, sylvain . roger, 10:13
Re: Peter Gutmann data deletion theaory?, Jake Appelbaum, 09:52
Re: RE: Peter Gutmann data deletion theaory?, Ron van Daal, 09:32
Re : [Firefox Bug 302187] New: Shared section vulnerability when opening microsoft office document resulting in DoS, sylvain . roger, 09:32
FreeBSD Security Advisory FreeBSD-SA-05:19.ipsec, FreeBSD Security Advisories, 09:02
[NILESA-20050701] UnixWare 7.x RPC portmapper Dos Vulnerability, Jonglim Yun, 08:01
[Full-disclosure] [ GLSA 200507-26 ] GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu library, Sune Kloppenborg Jeppesen, 00:38

July 26, 2005

[Full-disclosure] [ISR] - Novell GroupWise Client Remote Buffer Overflow, Francisco Amato, 21:46
[Full-disclosure] New Whitepaper "Software Misuse: from malicious actions to mind control", Andrey Bayora, 16:54
[Full-disclosure] [USN-155-1] Mozilla vulnerabilities, Martin Pitt, 14:33
[Full-disclosure] [ GLSA 200507-25 ] Clam AntiVirus: Integer overflows, Sune Kloppenborg Jeppesen, 14:13
CYBSEC - Security Advisory: Default Configuration Information Disclosure in Lotus Domino, Leandro Meiners, 13:42
3Com launches vulnerability-buying program, Ghaith Nasrawi, 13:32
Re: Re: Local privilege escalation using runasp V3.5.1, securityfocus . 5 . stele, 13:22
Re: Local privilege escalation using runasp V3.5.1, securityfocus . 5 . stele, 13:22
Internet Explorer AJAX Bug, anakin, 13:12
RE: ClamAV Multiple Rem0te Buffer Overflows, Sec-Tec Lists, 13:02
[Full-disclosure] [ GLSA 200507-24 ] Mozilla Suite: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 13:02
[HSC Security Group] XSS in CartWiz, zinho, 12:52
Vulnerability in IBM access, sylvain . roger, 12:42
fetchmail security announcement fetchmail-SA-2005-01, Matthias Andree, 09:40
Ares FileShare 1.1 'Long Searched String' Buffer Overflow Vulnerability, kozan, 09:10
[Full-disclosure] [USN-154-1] vim vulnerability, Martin Pitt, 07:19
Re: [Full-disclosure] Re: ClamAV Multiple Rem0te Buffer Overflows, Stelian Ene, 06:08
[Full-disclosure] Re: ClamAV Multiple Rem0te Buffer Overflows, nick, 05:18
[Full-disclosure] [USN-153-1] fetchmail vulnerability, Martin Pitt, 04:17
[Full-disclosure] SPIDynamics WebInspect Cross-Application Scripting (XAS), 3APA3A, 03:17
[Full-disclosure] Denial of service vulnerability in FTPshell Server Version 3.38, Reed Arvin, 01:26

July 25, 2005

[Full-disclosure] [USN-149-2] Fixed Firefox packages for USN-149-1, Martin Pitt, 16:22
[security bulletin] SSRT4884 rev.5 - HP-UX TCP/IP Remote Denial of Service (DoS), security-alert, 13:31
[security bulletin] SSRT5954 rev.5 - HP-UX TCP/IP Remote Denial of Service (DoS), security-alert, 13:21
[Full-disclosure] [ GLSA 200507-23 ] Kopete: Vulnerability in included Gadu library, Sune Kloppenborg Jeppesen, 12:10
[Full-disclosure] [ GLSA 200507-22 ] sandbox: Insecure temporary file handling, Sune Kloppenborg Jeppesen, 11:40
[Full-disclosure] [ GLSA 200507-21 ] fetchmail: Buffer Overflow, Sune Kloppenborg Jeppesen, 11:40
Siemens SANTIS 50 Authentication Vulnerability, luca . carettoni, 10:09
Corsaire Security Advisory: SAP Internet Graphics Server traversal issue, advisories, 09:49
Beehive Forum Multiple Vulnerabilities, thegreatone2176, 09:39
Chroot Security Group Advisory 2005-07-25 -- ftplocate, [at], 09:39
ECI router login bypass, D ., 09:28
PHP FirstPost remote file include vulnerability, gb . network, 09:18
Arbitrary code execution in SlimFTPd v3.16 - Exploit, redsand, 09:08
[Conectiva-updates] [CLA-2005:980] Conectiva Security Announcement - php4, Conectiva Updates, 08:58
Atomic Photo Album (APA) apa_phpinclude.inc.php remote file include, gr0up . pclabs, 08:48
[Full-disclosure] ClamAV Multiple Rem0te Buffer Overflows, list, 07:07
Re: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices, Petko Petkov, 02:15

July 24, 2005

[Full-disclosure] [FLSA-2005:152842] Updated lvm package fixes security issue, Marc Deslauriers, 08:28
[Full-disclosure] [FLSA-2005:154276] Updated krb5 packages fix security issues, Marc Deslauriers, 08:28

July 23, 2005

Realchat user impersonation - BSA 200506110001, Andreas Beck, 17:52
GoodTech SMTP server 5.16 RCPT TO command remote buffer overflow, Raphaël Rigo, 17:42
MDKSA-2005:124 - Updated zlib packages fix vulnerability, Mandriva Security Team, 17:32
RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices, Bojan Zdrnja, 16:22
Strange and very small email - new virus, security-list, 07:28

July 22, 2005

[Full-disclosure] ICMP attacks against TCP: Conclusions, Fernando Gont, 20:23
Critical Patch Update April 2005 for Database 9.2 and 10.1 Update - Correction, unbelievable, 19:53
User privilege escalation exploit., sunos5 . 8, 19:33
RE: Peter Gutmann data deletion theaory?, Robert Thompson Jr., 18:33
Re: Peter Gutmann data deletion theaory?, Thor (Hammer of God), 18:02
Re: [BugTraq] Peter Gutmann data deletion theaory?, Robin Whittle, 17:42
RE: Peter Gutmann data deletion theaory?, Jared Johnson, 17:32
RE: Peter Gutmann data deletion theaory?, Earnhart, Benjamin J, 17:02
Re: several vulnerabilities present in Belkin wireless routers, Roman Daszczyszak, 16:42
Re: RE: Peter Gutmann data deletion theaory?, underwood-de, 16:32
Re: Peter Gutmann data deletion theaory?, "Vincent DUVERNET (Nolmë Informatique)", 16:21
Re: Peter Gutmann data deletion theaory?, Dana Hudes, 16:11
Re: Peter Gutmann data deletion theaory?, Volker Tanger, 16:01
[Full-disclosure] [Argeniss] Oracle 9R2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL package, Cesar, 15:51
[PTsecurity] MaxPatrol Network Security Scanner - Free unlimited version has been released., Alexander Anisimov, 15:51
RE: Peter Gutmann data deletion theaory?, Tiago Halm, 15:41
Re: Oracle and setting the record straight, Adam Laurie, 15:31
eBay phishing - phishers are getting better, John Gateley, 15:01
Advisory 11/2005: Multiple vulnerabilities in Contrexx, Christopher Kunz, 15:01
SlimFTPd Server: PoC Exploit, Dim K0r0l, 14:51
RE: Peter Gutmann data deletion theaory?, D. Weiss, 14:40
[Full-disclosure] [USN-151-2] zlib vulnerabilities, Martin Pitt, 10:28
[Full-disclosure] Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954, Dana Hudes, 03:44
[Full-disclosure] Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954, Darren Reed, 03:44

July 21, 2005

Re: Re: [HSC Security Group] Invision PowerBoard 1.3.x - 2-x Exploit and Patch, [at], 23:43
Re: Peter Gutmann data deletion theaory?, Simple Nomad, 23:22
[Full-disclosure] [ GLSA 200507-20 ] Shorewall: Security policy bypass, Sune Kloppenborg Jeppesen, 23:12
[Full-disclosure] [ GLSA 200507-19 ] zlib: Buffer overflow, Sune Kloppenborg Jeppesen, 23:12
Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS)), Dennis Lubert, 23:12
[Full-disclosure] Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954, Fernando Gont, 21:32
[Full-disclosure] Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954, Fernando Gont, 21:32
[Full-disclosure] ICMP-based blind connection-reset attack, Fernando Gont, 21:22
Mozilla XPCOM Library Race Condition, GulfTech Security Research, 18:20
Re: Peter Gutmann data deletion theaory?, Jay D. Dyson, 17:28
RE: Peter Gutmann data deletion theaory?, Barbara Lockwood, 16:17
Multiple vulnerabilities in libgadu and ekg package, Wojtek Kaniewski, 16:07
RE: Peter Gutmann data deletion theaory?, Glenn.Everhart, 15:57
RE: Peter Gutmann data deletion theaory?, Jeremy Epstein, 15:27
Re: [Full-disclosure] ICMP Security Vulnerabilities - NEW (cough), Vic Vandal, 15:06
MDKSA-2005:122 - Updated kdelibs packages fix vulnerability in kate and kwrite, Mandriva Security Team, 13:15
Oracle and setting the record straight, David Litchfield, 12:45
MDKSA-2005:123 - Updated shorewall packages fix vulnerability, Mandriva Security Team, 12:25
[KDE Security Advisory] Multiple libgadu vulnerabilities, Dirk Mueller, 12:15
Peter Gutmann data deletion theaory?, Jared Johnson, 12:05
Re: ICMP-based blind performance-degrading attack, Darren Reed, 11:34
Re: PHPNews SQL injection vulnerability, foster, 11:24
[Full-disclosure] Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954, Casper . Dik, 11:14
Arbitrary code execution in SlimFTPd v3.16, Raphaël Rigo, 10:44
[Full-disclosure] [USN-152-1] PAM/NSS LDAP vulnerabilitiy, Martin Pitt, 07:53
[Full-disclosure] [USN-151-1] zlib vulnerability, Martin Pitt, 03:41
[Full-disclosure] [USN-150-1] KDE library vulnerability, Martin Pitt, 03:20
[Full-disclosure] Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954, Darren Reed, 02:30
[Full-disclosure] [USN-149-1] Firefox vulnerabilities, Martin Pitt, 00:49

July 20, 2005

Re: Installation of software, and security. . ., joop gerritse, 20:27
Re: Installation of software, and security. . ., Peter Keel, 19:47
Re: Anonymous Anonymity - Request For Comments, Moritz Naumann, 19:37
RE: Installation of software, and security. . ., Glenn.Everhart, 19:17
Re: Re: several vulnerabilities present in Belkin wireless routers, steven . salaets, 18:56
SQL Injection in Chinese ASP Webcounter, r_i_t_b_15, 18:46
RE: Installation of software, and security. . ., Burton Strauss, 18:36
Re: Anonymous Anonymity - Request For Comments, S_Dorn/CIB, 18:26
Re: UPB: Discussion Board/Web-Site Takeover, rgod, 17:56
Re: On classifying attacks, Technica Forensis, 17:56
Re: Installation of software, and security. . ., John Richard Moser, 17:46
[Full-disclosure] Re: ICMP-based blind performance-degrading attack, Darren Reed, 17:26
FreeBSD Security Advisory FreeBSD-SA-05:17.devfs, FreeBSD Security Advisories, 16:45
[Full-disclosure] Re: ICMP-based blind performance-degrading attack, Fernando Gont, 16:35
[Full-disclosure] Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4, Darren Reed, 16:15
[Full-disclosure] Re: (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4, Fernando Gont, 16:15
Anonymous Web Attacks via Dedicated Mobile Services, Petko Petkov, 15:54
PHPNews SQL injection vulnerability, ghc, 15:04
[Fwd: phpBB 2.0.17 released], Christian Boenning, 14:44
PatchAdvisor Vulnerability Alert - Cisco CallManager Remote Denial of Service Vulnerability, vames, 14:13
Multiple Vulnerabilities in PHP Surveyor, thegreatone2176, 11:52
[Full-disclosure] Trivial BGP attacks (ICMP-based blind throughput-reduction attack), Fernando Gont, 06:09
[Full-disclosure] ICMP-based blind performance-degrading attack, Fernando Gont, 06:09
[Full-disclosure] PeanutHull Local Privilege Escalation Vulnerability, Sowhat ., 02:47
[Full-disclosure] [ GLSA 200507-18 ] MediaWiki: Cross-site scripting vulnerability, Thierry Carrez, 01:17

July 19, 2005

Re: SiteMinder Multiple Vulnerabilities, Williams, James K, 18:03
Oracle Security Advisory: Various Cross-Site-Scripting Vulnerabilities in Oracle Reports, ak, 17:23
RE: On classifying attacks, Black, Michael, 17:03
Oracle Security Advisory: Run any OS Command via unauthorized Oracle Reports, ak, 16:33
Pointless discussion (was Re: Installation of software, and security. . .), David F. Skoll, 16:22
Re: Anonymous Anonymity - Request For Comments, gandalf, 16:22
Oracle Security Advisory: Read parts of any XML-file via customize parameter in Oracle Reports, ak, 16:12
Re: Installation of software, and security. . ., Alexander Klimov, 16:12
Re: Installation of software, and security. . ., David F. Skoll, 16:02
[Full-disclosure] (ICMP attacks against TCP) (was Re: HPSBUX01137 SSRT5954 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS)), Fernando Gont, 15:52
Update Your Bookmarks, Valentin Vorovenci, 15:52
Oracle Security Advisory: Read parts of any file via desformat in Oracle Reports, ak, 15:42
Re: On classifying attacks, Dustin D. Trammell, 15:32
RE: Installation of software, and security. . ., Burton Strauss, 15:22
[TOOLS] CIRT.DK WebRoot Version v.1.7, CIRT.DK Advisory, 15:22
Re: Installation of software, and security. . ., Matt Beaumont, 15:12
Oracle Security Advisory: Run any OS Command via unauthorized Oracle Forms, ak, 15:02
Re: Installation of software, and security. . ., Jason Coombs, 15:02
Re: SiteMinder Multiple Vulnerabilities (solution), Williams, James K, 14:31
Re: On classifying attacks, Crispin Cowan, 14:11
[Full-disclosure] Mozilla cleartext credentials leak bug report to excuse myself (Re[2]: NTLM HTTP Authentication is insecure by design - a new writeup by Amit Klein), 3APA3A, 13:50
RE: Installation of software, and security. . ., Burton Strauss, 13:40
[Full-disclosure] Re: NTLM HTTP Authentication is insecure by design - a new writeup by Amit Klein, Amit Klein (AKsecurity), 13:20
Oracle Security Advisory: Overwrite any file via desname in Oracle Reports, ak, 12:59
Re: Installation of software, and security. . ., Kerry Thompson, 12:29
Re: NTLM HTTP Authentication is insecure by design - a new writeup by Amit Klein, 3APA3A, 12:09
Re: On classifying attacks, Adam Shostack, 11:48
HPSBUX01164 SSRT4884 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS), Security Alert, 11:28
Re: Installation of software, and security. . ., Tino Wildenhain, 10:58
Re: Internet Explorer / MSN ICC Profiles Crash PoC Exploit, mark . handy, 10:48
Re: [Full-disclosure] Anonymous Web Attacks via Dedicated MobileServices, Morning Wood, 10:38
Re: Anonymous Anonymity - Request For Comments, Craig Skelton, 10:28
HPSBUX01137 SSRT5954 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS), Security Alert, 10:18
Re: Installation of software, and security. . ., Tim Nelson, 10:07
MDKSA-2005:121 - Updated nss_ldap/pam_ldap packages fix vulnerabilities, Mandriva Security Team, 09:37
[Full-disclosure] [ISR] - Novell Groupwise WebAccess Cross-Site Scripting, Francisco Amato, 06:15
[Full-disclosure] Anonymous Web Attacks via Dedicated Mobile Services, Petko Petkov, 04:44

July 18, 2005

Re: On classifying attacks, Crispin Cowan, 21:00
Re: Installation of software, and security. . ., Klaus Schwenk, 20:00
Anonymous Anonymity - Request For Comments, Gandalf The White, 19:40
Re: On classifying attacks, Mihai Amarandei-Stavila, 18:49
Re: On classifying attacks, Steven M. Christey, 16:28
Re: On classifying attacks, James Longstreet, 16:18
Re: [HSC Security Group] Invision PowerBoard 1.3.x - 2-x Exploit and Patch, GulfTech Security Research, 15:57
Re: Installation of software, and security. . ., John Richard Moser, 15:27
MRV In-Reach console server: Port Access Control Bypass Vulnerability, spam, 13:56
Re: VoIP-Phones: Weakness in proccessing SIP-Notify-Messages, Javor Ninov, 13:16
[KDE Security Advisory]: Kate backup file permission leak, Dirk Mueller, 12:56
NTLM HTTP Authentication is insecure by design - a new writeup by Amit Klein, Amit Klein (AKsecurity), 12:36
Re: On classifying attacks, Godwin Stewart, 12:26
HPSBTU01210 SSRT4743, SSRT4884 rev.0 - HP Tru64 UNIX TCP/IP remote Denial of Service (DoS), Security Alert, 11:45
Re: several vulnerabilities present in Belkin wireless routers, ian . latter, 11:25
Re: Compromising pictures of Microsoft Internet Explorer!, Stefan Kelm, 11:05
[Full-disclosure] Broadcast format string and buffer-overflow in Race Driver 1.20, Luigi Auriemma, 10:14
RE: [Full-disclosure] RE: Why Vulnerability Databases can't do everything, aaron_kempf, 09:44
[Full-disclosure] [ GLSA 200507-17 ] Mozilla Thunderbird: Multiple vulnerabilities, Thierry Carrez, 01:18
Re: [Full-disclosure] Rooting Linux with a floppy, sec-list, 00:28

July 17, 2005

[Full-disclosure] Shorewall MACLIST Problem, Patrick Blitz, 17:04
[Full-disclosure] [gentoo-announce] [ GLSA 200503-13 ] mlterm: Integer overflow vulnerability, Luke Macken, 09:31
[Full-disclosure] [gentoo-announce] [ GLSA 200503-27 ] Xzabite dyndnsupdate: Multiple vulnerabilities, Thierry Carrez, 09:31
[Full-disclosure] [gentoo-announce] [ GLSA 200503-28 ] Sun Java: Web Start argument injection vulnerability, Thierry Carrez, 09:21
[Full-disclosure] [gentoo-announce] [ GLSA 200503-29 ] GnuPG: OpenPGP protocol attack, Thierry Carrez, 09:21
[Full-disclosure] [gentoo-announce] [ GLSA 200503-30 ] Mozilla Suite: Multiple vulnerabilities, Thierry Carrez, 09:21
[Full-disclosure] [gentoo-announce] [ GLSA 200503-31 ] Mozilla Firefox: Multiple vulnerabilities, Thierry Carrez, 09:21
[Full-disclosure] [gentoo-announce] [ GLSA 200503-32 ] Mozilla Thunderbird: Multiple vulnerabilities, Thierry Carrez, 09:21
[Full-disclosure] [gentoo-announce] [ GLSA 200503-33 ] IPsec-Tools: racoon Denial of Service, Matthias Geerdsen, 09:11
[Full-disclosure] [gentoo-announce] [ GLSA 200503-34 ] mpg321: Format string vulnerability, Sune Kloppenborg Jeppesen, 09:11
[Full-disclosure] [gentoo-announce] [ GLSA 200504-02 ] Sylpheed, Sylpheed-claws: Buffer overflow on message display, Thierry Carrez, 09:11
[Full-disclosure] [gentoo-announce] [ GLSA 200504-03 ] Dnsmasq: Poisoning and Denial of Service vulnerabilities, Thierry Carrez, 09:00
[Full-disclosure] [gentoo-announce] [ GLSA 200504-04 ] mit-krb5: Multiple buffer overflows in telnet client, Thierry Carrez, 09:00
[Full-disclosure] [gentoo-announce] [ GLSA 200504-05 ] Gaim: Denial of Service issues, Luke Macken, 09:00
[Full-disclosure] [gentoo-announce] [ GLSA 200504-06 ] sharutils: Insecure temporary file creation, Luke Macken, 09:00
[Full-disclosure] [gentoo-announce] [ GLSA 200503-14 ] KDE dcopidlng: Insecure temporary file creation, Sune Kloppenborg Jeppesen, 09:00
[Full-disclosure] [gentoo-announce] [ GLSA 200503-15 ] X.org: libXpm vulnerability, Matthias Geerdsen, 08:50
[Full-disclosure] [gentoo-announce] [ GLSA 200503-18 ] Ringtone Tools: Buffer overflow vulnerability, Luke Macken, 08:50
[Full-disclosure] [gentoo-announce] [ GLSA 200503-16 ] Ethereal: Multiple vulnerabilities, Luke Macken, 08:50
[Full-disclosure] [gentoo-announce] [ GLSA 200503-17 ] libexif: Buffer overflow vulnerability, Luke Macken, 08:50
[Full-disclosure] [gentoo-announce] UPDATE: [ GLSA 200501-38 ] Perl: rmtree and DBI tmpfile vulnerabilities, Thierry Carrez, 08:50
[Full-disclosure] [gentoo-announce] [ GLSA 200503-23 ] rxvt-unicode: Buffer overflow, Sune Kloppenborg Jeppesen, 08:50
[Full-disclosure] [gentoo-announce] [ GLSA 200503-24 ] LTris: Buffer overflow, Sune Kloppenborg Jeppesen, 08:40
[Full-disclosure] [gentoo-announce] [ GLSA 200503-25 ] OpenSLP: Multiple buffer overflows, Thierry Carrez, 08:40
[Full-disclosure] [gentoo-announce] [ GLSA 200503-26 ] Sylpheed, Sylpheed-claws: Message reply overflow, Luke Macken, 08:40
[Full-disclosure] [gentoo-announce] [ GLSA 200503-36 ] netkit-telnetd: Buffer overflow, Thierry Carrez, 08:40
[Full-disclosure] [gentoo-announce] [ GLSA 200503-35 ] Smarty: Template vulnerability, Thierry Carrez, 08:40
[Full-disclosure] [gentoo-announce] [ GLSA 200503-37 ] LimeWire: Disclosure of sensitive information, Thierry Carrez, 08:30
[Full-disclosure] [gentoo-announce] [ GLSA 200504-01 ] telnet-bsd: Multiple buffer overflows, Thierry Carrez, 08:30
[Full-disclosure] [gentoo-announce] [ GLSA 200503-20 ] curl: NTLM response buffer overflow, Sune Kloppenborg Jeppesen, 08:30
[Full-disclosure] [gentoo-announce] [ GLSA 200503-19 ] MySQL: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 08:30
[Full-disclosure] [gentoo-announce] [ GLSA 200503-21 ] Grip: CDDB response overflow, Luke Macken, 08:20
[Full-disclosure] [gentoo-announce] [ GLSA 200503-22 ] KDE: Local Denial of Service, Sune Kloppenborg Jeppesen, 08:20
[Full-disclosure] [gentoo-announce] [ GLSA 200504-12 ] rsnapshot: Local privilege escalation, Thierry Carrez, 08:20
[Full-disclosure] [gentoo-announce] [ GLSA 200504-14 ] monkeyd: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 08:20
[Full-disclosure] [gentoo-announce] [ GLSA 200504-19 ] MPlayer: Two heap overflow vulnerabilities, Matthias Geerdsen, 08:20
[Full-disclosure] [gentoo-announce] [ GLSA 200505-16 ] ImageMagick, GraphicsMagick: Denial of Service vulnerability, Thierry Carrez, 08:20
[Full-disclosure] [gentoo-announce] [ GLSA 200505-15 ] gdb: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 08:20
[Full-disclosure] [gentoo-announce] [ GLSA 200505-12 ] PostgreSQL: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 08:10
[Full-disclosure] [gentoo-announce] [ GLSA 200504-22 ] KDE kimgio: PCX handling buffer overflow, Sune Kloppenborg Jeppesen, 08:10
[Full-disclosure] [gentoo-announce] [ GLSA 200505-10 ] phpBB: Cross-Site Scripting Vulnerability, Sune Kloppenborg Jeppesen, 08:10
[Full-disclosure] [gentoo-announce] [ GLSA 200505-13 ] FreeRADIUS: Buffer overflow and SQL injection vulnerability, Sune Kloppenborg Jeppesen, 07:59
[Full-disclosure] [gentoo-announce] [ GLSA 200505-20 ] Mailutils: Multiple vulnerabilities in imap4d and mail, Thierry Carrez, 07:59
[Full-disclosure] [gentoo-announce] [ GLSA 200505-18 ] Net-SNMP: fixproc insecure temporary file creation, Sune Kloppenborg Jeppesen, 07:59
[Full-disclosure] [gentoo-announce] [ GLSA 200506-03 ] Dzip: Directory traversal vulnerability, Thierry Carrez, 07:59
[Full-disclosure] [gentoo-announce] UPDATE: [ GLSA 200504-23 ] Kommander: Insecure remote script execution, Sune Kloppenborg Jeppesen, 07:59
[Full-disclosure] [gentoo-announce] [ GLSA 200506-10 ] LutelWall: Insecure temporary file creation, Thierry Carrez, 07:49
[Full-disclosure] [gentoo-announce] [ GLSA 200506-08 ] GNU shtool, ocaml-mysql: Insecure temporary file creation, Thierry Carrez, 07:49
[Full-disclosure] [gentoo-announce] [ GLSA 200506-11 ] Gaim: Denial of Service vulnerabilities, Thierry Carrez, 07:49
[Full-disclosure] [gentoo-announce] [ GLSA 200506-02 ] Mailutils: SQL Injection, Thierry Carrez, 07:49
[Full-disclosure] [gentoo-announce] UPDATE: [ GLSA 200505-06 ] TCPDump: Decoding routines Denial of Service vulnerability, Thierry Carrez, 07:49
[Full-disclosure] [gentoo-announce] [ GLSA 200506-14 ] Sun and Blackdown Java: Applet privilege escalation, Sune Kloppenborg Jeppesen, 07:39
[Full-disclosure] [gentoo-announce] [ GLSA 200506-20 ] Cacti: Several vulnerabilities, Sune Kloppenborg Jeppesen, 07:39
[Full-disclosure] [gentoo-announce] [ GLSA 200504-20 ] openMosixview: Insecure temporary file creation, Thierry Carrez, 07:39
[Full-disclosure] [gentoo-announce] [ GLSA 200504-11 ] JunkBuster: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 07:39
[Full-disclosure] [gentoo-announce] [ GLSA 200504-30 ] phpMyAdmin: Insecure SQL script installation, Sune Kloppenborg Jeppesen, 07:39
[Full-disclosure] [gentoo-announce] [ GLSA 200506-13 ] webapp-config: Insecure temporary file handling, Sune Kloppenborg Jeppesen, 07:29
[Full-disclosure] [gentoo-announce] [ GLSA 200504-13 ] OpenOffice.Org: DOC document Heap Overflow, Sune Kloppenborg Jeppesen, 07:29
[Full-disclosure] [gentoo-announce] [ GLSA 200505-14 ] Cheetah: Untrusted module search path, Sune Kloppenborg Jeppesen, 07:29
[Full-disclosure] [gentoo-announce] [ GLSA 200504-21 ] RealPlayer, Helix Player: Buffer overflow vulnerability, Thierry Carrez, 07:29
[Full-disclosure] [gentoo-announce] ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability, Sune Kloppenborg Jeppesen, 07:19
[Full-disclosure] [gentoo-announce] [ GLSA 200506-09 ] gedit: Format string vulnerability, Thierry Carrez, 07:19
[Full-disclosure] [gentoo-announce] [ GLSA 200506-07 ] Ettercap: Format string vulnerability, Thierry Carrez, 07:19
[Full-disclosure] [gentoo-announce] [ GLSA 200505-19 ] gxine: Format string vulnerability, Thierry Carrez, 07:19
[Full-disclosure] [gentoo-announce] [ GLSA 200504-08 ] phpMyAdmin: Cross-site scripting vulnerability, Luke Macken, 07:19
[Full-disclosure] [gentoo-announce] [ GLSA 200505-17 ] Qpopper: Multiple Vulnerabilities, Sune Kloppenborg Jeppesen, 07:19
[Full-disclosure] [gentoo-announce] [ GLSA 200506-12 ] MediaWiki: Cross-site scripting vulnerability, Sune Kloppenborg Jeppesen, 07:19
[Full-disclosure] [gentoo-announce] [ GLSA 200506-21 ] Trac: File upload vulnerability, Sune Kloppenborg Jeppesen, 07:08
[Full-disclosure] [gentoo-announce] [ GLSA 200506-23 ] Clam AntiVirus: Denial of Service vulnerability, Sune Kloppenborg Jeppesen, 07:08
[Full-disclosure] [gentoo-announce] [ GLSA 200506-22 ] sudo: Arbitrary command execution, Sune Kloppenborg Jeppesen, 07:08
[Full-disclosure] [gentoo-announce] [ GLSA 200506-24 ] Heimdal: Buffer overflow vulnerabilities, Sune Kloppenborg Jeppesen, 07:08
[Full-disclosure] [gentoo-announce] [ GLSA 200506-15 ] PeerCast: Format string vulnerability, Thierry Carrez, 06:58
[Full-disclosure] [gentoo-announce] [ GLSA 200506-16 ] cpio: Directory traversal vulnerability, Luke Macken, 06:48
[Full-disclosure] [gentoo-announce] [ GLSA 200506-17 ] SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability, Sune Kloppenborg Jeppesen, 06:48
[Full-disclosure] [gentoo-announce] [ GLSA 200506-19 ] SquirrelMail: Several XSS vulnerabilities, Sune Kloppenborg Jeppesen, 06:48
[Full-disclosure] [gentoo-announce] [ GLSA 200506-18 ] Tor: Information disclosure, Thierry Carrez, 06:48

July 16, 2005

Re: several vulnerabilities present in Belkin wireless routers, nicolas.ruff@gmail.com, 18:33
Re: several vulnerabilities present in Belkin wireless routers, Ian Clelland, 18:23
[ZH2005-16SA] Insecure temporary file creation in Skype for Linux, badpenguin, 18:12
Re: [HSC Security Group] Invision PowerBoard 1.3.x - 2-x Exploit and Patch, milw0rm Inc., 18:02
PowerDNS 2.9.18 fixes two security issues affecting users of LDAP backend or limited recursion, bert . hubert, 17:52
Re: [HSC Security Group] Invision PowerBoard 1.3.x - 2-x Exploit and Patch, augustusx00, 17:52
Re: [Full-disclosure] Why Vulnerability Databases can't do everything, Joel Maslak, 17:32
Re: [Full-disclosure] RE: Why Vulnerability Databases can't do everything, security curmudgeon, 17:12
Re: On classifying attacks, Indigo Haze, 16:32
Re: On classifying attacks, James Longstreet, 16:21
[HSC Security Group] Invision PowerBoard 1.3.x - 2-x Exploit and Patch, zinho, 15:51
Installation of software, and security. . ., John Richard Moser, 15:41
Re: On classifying attacks, Derek Martin, 15:31
RE: Any info on potential 0day RDP vuln?, Altheide, Cory B. (IARC), 15:21
Solaris Runtime Linker - Exploit Detection, petefran, 15:20
Internet Explorer / MSN ICC Profiles Crash PoC Exploit, edward11, 14:50
Re: [Full-disclosure] Rooting Linux with a floppy, als, 13:39
Re: [Full-disclosure] Why Vulnerability Databases can't do everything, J.A. Terranson, 11:48
Re: [Full-disclosure] Why Vulnerability Databases can't do everything, Jason Coombs, 11:28
[Full-disclosure] [FLSA-2005:152844] Updated PostgreSQL packages fix security issues, Marc Deslauriers, 10:07
[Full-disclosure] [FLSA-2005:152900] Updated squirrelmail package fixes security issue, Marc Deslauriers, 10:07
[Full-disclosure] RE: Why Vulnerability Databases can't do everything, aaron_kempf, 05:45

July 15, 2005

[Full-disclosure] [FLSA-2005:152769] Updated kdelibs/kdebase packages fix security issues, Marc Deslauriers, 20:00
[Full-disclosure] [FLSA-2005:152838] Updated gd packages fix security issues, Marc Deslauriers, 19:50
[Full-disclosure] [FLSA-2005:152841] Updated openssl packages fix security issues, Marc Deslauriers, 19:50
[Full-disclosure] [FLSA-2005:152874] Updated samba packages fix security issues, Marc Deslauriers, 19:50
[Full-disclosure] [FLSA-2005:152891] Updated cpio package fixes security issue, Marc Deslauriers, 19:50
[Full-disclosure] [FLSA-2005:152917] Updated curl packages fix a security issue, Marc Deslauriers, 19:40
[Full-disclosure] [FLSA-2005:152925] Updated mysql packages fix security issues, Marc Deslauriers, 19:40
[Full-disclosure] [FLSA-2005:154272] Updated gdk-pixbuf packages fix a security issue, Marc Deslauriers, 19:40
[Full-disclosure] [FLSA-2005:158149] Updated mozilla packages fix security issues, Marc Deslauriers, 19:40
Any info on potential 0day RDP vuln?, Mark, 15:28
Re: Silently fixed security bugs in Oracle Critical Patch Update July 2005, David Litchfield, 14:58
Stack-Based Buffer Overflow in Sybase EAServer 4.2.5 to 5.2, SPI Labs, 14:47
Re: Compromising pictures of Microsoft Internet Explorer!, Steve Kemp, 14:37
AW: Silently fixed security bugs in Oracle Critical Patch Update July 2005, Kornbrust, Alexander, 14:27
[Full-disclosure] [ GLSA 200507-16 ] dhcpcd: Denial of Service vulnerability, Thierry Carrez, 13:57
[Full-disclosure] Why Vulnerability Databases can't do everything, Steven M. Christey, 12:16
LSS Security Advisory: Winamp remote buffer overflow vulnerability, Leon Juranic, 11:56
Re: several vulnerabilities present in Belkin wireless routers, Steve Kemp, 11:15
Compromising pictures of Microsoft Internet Explorer!, Michal Zalewski, 10:55
Silently fixed security bugs in Oracle Critical Patch Update July 2005, ak, 10:35
RE: On classifying attacks, Bryan McAninch, 10:25
RE: [Full-disclosure] Rooting Linux with a floppy, James Longstreet, 09:24
On classifying attacks, Derek Martin, 09:24
several vulnerabilities present in Belkin wireless routers, [at], 08:54
[Full-disclosure] [ GLSA 200507-15 ] PHP: Script injection through XML-RPC, Thierry Carrez, 08:03
Re: [Full-disclosure] Rooting Linux with a floppy, Dan Becker, 06:53
Re: [Full-disclosure] Multiple ZeroLen Attachments, Jerome Athias, 05:42
RE: [Full-disclosure] Rooting Linux with a floppy, Lauro, John, 04:52
Re: [Full-disclosure] Rooting Linux with a floppy, sec-list, 03:21
Re: [Full-disclosure] Rooting Linux with a floppy, Kurt Seifried, 03:11
[Full-disclosure] Rooting Linux with a floppy, Sumy, 02:51
[Full-disclosure] Multiple ZeroLen Attachments, {tonyFelice}, 02:31
[Full-disclosure] [ GLSA 200507-14 ] Mozilla Firefox: Multiple vulnerabilities, Thierry Carrez, 02:00

July 14, 2005

MDKSA-2005:119 - Updated krb5 packages fix multiple vulnerabilities, Mandriva Security Team, 15:46
MDKSA-2005:120 - Updated mozilla-firefox packages fix multiple vulnerabilities, Mandriva Security Team, 15:46
[Full-disclosure] iDEFENSE Security Advisory 07.14.05: Sophos Anti-Virus Zip File Handling DoS Vulnerability, iDEFENSE Labs, 15:25
Re: blogtorrent remote/local user password disclosure, trashtrash, 15:15
XSS in forums Simple Message Board Version 2.0 Beta 1, stormhacker, 14:55
05_07_14-bitdefender_malicious_content_bypass, Alexander Hagenah, 14:45
SquirrelMail Arbitrary Variable Overwriting Vulnerability, GulfTech Security Research, 14:45
[SM-ANNOUNCE] Patch available for CAN-2005-2095, Jonathan Angliss, 14:35
TSLSA-2005-0036 - multi, Trustix Security Advisor, 14:25
1st European Conference on Computer Network Defence (EC2ND), Blyth A J C (Comp), 14:15
YaBBSe 1.5.5c Path disclosure problem, priestmaster, 14:15
Re: [Full-disclosure] ICMP Security Vulnerabilities - NEW (cough), Fernando Gont, 12:03
[Full-disclosure] [ GLSA 200507-13 ] pam_ldap and nss_ldap: Plain text authentication leak, Thierry Carrez, 03:45

July 13, 2005

Re: Microsoft Word Protection Bypass, Johan De Meersman, 16:37
Path Disclosure and XSS problem in PHP Counter 7.2, priestmaster, 16:26
Advisory: Oracle Forms Builder Password in Temp Files, ak, 16:16
Advisory: Oracle Forms Insecure Temporary File Handling, ak, 16:16
Advisory: Oracle JDeveloper Plaintext Passwords, ak, 15:36
[SM-ANNOUNCE] SquirrelMail 1.4.5 Released, Jonathan Angliss, 15:16
Advisory: Oracle JDeveloper passes Plaintext Password, ak, 15:16
PHPsFTPd - Admin password leak, Steve, 14:56
WPS Web-Portal-System v.0.7.0 (wps_shop.cgi) remote commands execution vulnerability, blahplok, 14:45
[Full-disclosure] [ GLSA 200507-12 ] Bugzilla: Unauthorized access and information disclosure, Thierry Carrez, 14:15
[Full-disclosure] Endless loop in NetPanzer 0.8, Luigi Auriemma, 13:14
MDKSA-2005:118 - Updated ruby packages fix vulnerabilities, Mandriva Security Team, 10:41
MDKSA-2005:117 - Updated dhcpcd packages fix vulnerabilities, Mandriva Security Team, 10:41
[VulnWatch] CORE-2005-0629: MailEnable Buffer Overflow Vulnerability, Core Security Technologies Advisories, 09:59
[Full-disclosure] APPLE Darwin Streaming Server Web Admin Remote Denial of Serivce, Sowhat ., 02:59

July 12, 2005

SoftiaCom MailServer v2.0 - Denial Of Service, unsecure, 21:26
MITKRB5-SA-2005-002: buffer overflow, heap corruption in KDC, Tom Yu, 20:26
Full Disclosure - XMLRPC Exploit Code written in Python jul 2005, Anonymous, 19:55
Dragonfly Shopping Cart Multiple vulnerabilities, dcrab, 19:25
Re: MITKRB5-SA-2005-003: double-free in krb5_recvauth, Tom Yu, 19:05
Re: /dev/random is probably not, Francesco Messineo, 18:55
DMA[2005-0712a] - 'Nokia Affix Bluetooth btftp client buffer overflow', KF (lists), 18:35
PacSec/core05 Call For Papers, Dragos Ruiu, 17:14
Multiple High Risk Vulnerabilities in Oracle E-Business Suite 11i - Critical Patch Update July 2005, Integrigy Security, 16:33
Metasploit exploit for PHP XMLRPC, comsatcat, 16:23
Possible security issue with FreeBSD 5.4 jailing and BPF, ronvdaal, 16:03
[Full-disclosure] [FLSA-2005:152777] Updated ImageMagick packages fix security issues, Marc Deslauriers, 16:03
MDKSA-2005:113 - Updated clamav packages fix vulnerability, Mandriva Security Team, 15:53
MDKSA-2005:114 - Updated leafnode packages fix multiple vulnerabilities, Mandriva Security Team, 15:33
MDKSA-2005:115 - Updated mplayer packages fix vulnerabilities, Mandriva Security Team, 15:23
MDKSA-2005:116 - Updated cpio packages fix vulnerabilities, Mandriva Security Team, 15:02
Re: Problems with the Oracle Critical Patch Update for April 2005, David Litchfield, 14:52
Re: a new sql injection for aspjar guestbook, security curmudgeon, 14:32
SoftiaCom MailServer - Local Password Disclosure Vulnerability, unsecure, 14:32
MA[2005-0712b] - 'Nokia Affix Bluetooth btsrv/btobex poor use of system()', KF (lists), 14:02
MITKRB5-SA-2005-003: double-free in krb5_recvauth, Tom Yu, 14:02
[Full-disclosure] [ GLSA 200507-11 ] MIT Kerberos 5: Multiple vulnerabilities, Sune Kloppenborg Jeppesen, 12:51
[Full-disclosure] Advisory 10/2005: Yawp/YaWiki Remote URL Include Vulnerability, Stefan Esser, 12:11
[Full-disclosure] Detecting vulnerable zlib versions (CAN-2005-2096), Florian Weimer, 12:01
[Full-disclosure] iDEFENSE Security Advisory 07.12.05: Microsoft Word 2000 and Word 2002 Font Parsing Buffer Overflow Vulnerability, iDEFENSE Labs, 11:20

July 11, 2005

[Full-disclosure] Re: XSS in nested tag in phpbb 2.0.16, Paul Laudanski, 19:02
ASP.NET RCP/Encoded Web service DOS, SPI Labs, 17:41
[VulnWatch] Re: Problems with the Oracle Critical Patch Update for April 2005, Cesar, 17:21
[Full-disclosure] [FLSA-2005:152583] Updated telnet packages fix security issues, Marc Deslauriers, 16:10
[Full-disclosure] [FLSA-2005:123014] Updated openssh packages fix a security issue, Marc Deslauriers, 16:10
Re: SiteMinder Multiple Vulnerabilities, Tero Hänninen, 12:58
blogtorrent remote/local user password disclosure, Emanuele Gentili, 12:48
WASC-Articles: 'DOM Based Cross Site Scripting or XSS of the Third Kind: A look at an overlooked flavor of XSS', contact, 12:38
Bug Hosting Controller New (v6.1 - Hotfix 2.1), kehieuhoc, 10:36
McAfee Intrushield IPS Abuse Update is available, AsTriXs, 10:26
[Full-disclosure] [ GLSA 200507-10 ] Ruby: Arbitrary command execution through XML-RPC, Thierry Carrez, 08:25
[Full-disclosure] [ GLSA 200507-09 ] Adobe Acrobat Reader: Buffer overflow vulnerability, Matthias Geerdsen, 07:04
Re: [Full-disclosure] [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64) race condition, Juergen Schmidt, 05:33
[Full-disclosure] [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64) race condition, Suresec Advisories, 00:00

July 10, 2005

[Full-disclosure] [FLSA-2005:152835] Updated dhcp package fixes security issue, Marc Deslauriers, 15:06
[Full-disclosure] [FLSA-2005:152895] Updated mailman package fixes security issue, Marc Deslauriers, 15:06
[Full-disclosure] [FLSA-2005:152908] Updated gftp package fixes security issue, Marc Deslauriers, 15:06
[Full-disclosure] [FLSA-2005:154991] Updated sharutils package fixes security issue, Marc Deslauriers, 15:06
[Full-disclosure] [FLSA-2005:155505] Updated php packages fix security issues, Marc Deslauriers, 15:06
[Full-disclosure] [ GLSA 200507-08 ] phpGroupWare, eGroupWare: PHP script injection vulnerability, Matthias Geerdsen, 13:05
[Full-disclosure] [ GLSA 200507-07 ] phpWebSite: Multiple vulnerabilities, Matthias Geerdsen, 05:02

July 09, 2005

Re: A comment on using CPU resources, Steven Champeon, 15:06
Re: A comment on using CPU resources, Steven Champeon, 14:56
Re: A comment on using CPU resources, Christian, 14:56
Re: A comment on using CPU resources, Joachim Schipper, 14:46
Re: Re: A comment on using CPU resources, securityfocus, 14:36
RE: A comment on using CPU resources, Scott Marburger, 14:35
RE: A comment on using CPU resources, Martin Konold, 14:25
Re: A comment on using CPU resources, Raghu Chinthoju, 13:15
RE: A comment on using CPU resources, Joseph Finley, 13:05
Re: A comment on using CPU resources, Andreas Bartelt, 12:55
A comment on using CPU resources, addendum., Jeroen van Rijn, 12:55
Re: A comment on using CPU resources, Security, 12:45
Re: A comment on using CPU resources, Jeroen van Rijn, 12:35
Re: ICMP Vulnerabilities, Joachim Schipper, 12:25
RE: [VOIPSEC] VoIP-Phones: Weakness in proccessing SIP-Notify-Messages, Walton, John Michael (John), 11:34
A comment on using CPU resources, Gandalf The White, 11:34

July 08, 2005

Re: /dev/random is probably not, Stefan Bethke, 14:56
Re: /dev/random is probably not (fwd), Bencsath Boldizsar, 14:46
WindowsUpdate sending unsigned ActiveX ?, Nestor Burma, 12:25
Vocera IP Phones, Holden Caulfield, 12:14
Re: /dev/random is probably not, Kai Howells, 12:04
Re: ICMP vulnerabilities, Bob Beck, 11:54
USENIX Security Symposium, July 31, Baltimore, Maryland, USA, Peter Mui, 11:44
RE: /dev/random is probably not, David Schwartz, 11:34
ToorCon 2005 Call for Papers, h1kari@toorcon.org, 11:14
Re: ICMP Vulnerabilities, Dragos Ruiu, 10:54
Security Advisory for Bugzilla 2.18.1 and 2.19.3, mkanat, 10:33
Fwd: [VOIPSEC] VoIP-Phones: Weakness in proccessing SIP-Notify-Messages, gary madsen, 10:23
SiteMinder Multiple Vulnerabilities, c0ntexb, 10:13
TSLSA-2005-0034 - multi, Trustix Security Advisor, 10:03
SUSE Security Announcement: php/pear XML RPC remote code execution (SUSE-SA:2005:041), Marcus Meissner, 09:43
Re: [Full-disclosure] Re: [USN-147-1] PHP XMLRPC vulnerability, Matt Zimmerman, 04:41
Re: [Full-disclosure] Re: [USN-147-1] PHP XMLRPC vulnerability, Matt Zimmerman, 04:41
Re: [Full-disclosure] Re: [USN-147-1] PHP XMLRPC vulnerability, Jan Schneider, 03:30
[Full-disclosure] Re: [USN-147-1] PHP XMLRPC vulnerability, Jan Schneider, 02:50

July 07, 2005

[Full-disclosure] Advisory 09/2005: PunBB arbitrary PHP code inclusion vulnerability, Stefan Esser, 16:25
[Full-disclosure] Advisory 08/2005: PunBB SQL Injection Vulnerability, Stefan Esser, 16:25
[Bday release] Comersus shopping cart has multiple Sql injection and Cross Site Scripting vulnerabilities, dcrab, 14:44
[Full-disclosure] UPDATE: [ GLSA 200506-20 ] Cacti: Several vulnerabilities, Thierry Carrez, 14:44
Re: Re: McAfee Intrushield IPS Abuse, c0ntexb, 14:14
NULL sessions vulnerabilities using alternate named pipes, Jean-Baptiste Marchand, 13:03
[OpenPKG-SA-2005.013] OpenPKG Security Advisory (zlib), OpenPKG, 12:23
Re: phpSlash account hijacking vulnerability, tobozo, 12:13
Re: ICMP vulnerabilities, J. Oquendo, 12:03
Multiple vulnerabilities in Lantronix SLC console server, spam, 11:53
SimplePHPBlog 0.4.0 <= Remote Password Disclosure, pjphem, 11:43
PNGƒJƒEƒ“ƒ^+—pƒƒO‰ƒXƒNƒŠƒvƒg remote commands execution vulnerability, blahplok, 11:23
RE: Microsoft Word Protection Bypass, Walter Wickersham, 11:13
Vulnerability in Whatpulse.Org profiles allows XSS and session hijacking, rift13, 11:02
RE: Microsoft Word Protection Bypass, Christian King, 11:02
ICMP vulnerabilities, Theo de Raadt, 10:42
Problems with the Oracle Critical Patch Update for April 2005, David Litchfield, 10:32
phpSlash account hijacking vulnerability, tobozo, 10:02
Re: Re: Microsoft Word Protection Bypass, dan, 09:51
MDKSA-2005:112 - Updated zlib packages fix vulnerability, Mandriva Security Team, 09:41

July 06, 2005

Re: Microsoft Word Protection Bypass, Dave . Collins, 20:25
Re: /dev/random is probably not, Michael Gnau, 19:45
Re: PHPXMAIL - Authentication Bypass, security, 18:54
Re: McAfee Intrushield IPS Abuse, shs_bulldog, 17:34
eRoom Multiple Security Issues, c0ntexb, 17:13
Re: ekg insecure temporary file creation and arbitrary code execution, Adam Wysocki, 16:53
eRoom Multiple Security Issues, c0ntexb, 16:33
[Full-disclosure] [ GLSA 200507-06 ] TikiWiki: Arbitrary command execution through XML-RPC, Sune Kloppenborg Jeppesen, 14:11
Cross site scripting in Lotus Notes web mail, shalom, 13:41
Solaris Socket Hijack, c0ntexb, 13:21
PHPXMAIL - Authentication Bypass, Steve, 13:10
Re: Imail Cookie Vulnerability (unhashed), Christophe Vandeplas, 13:00
VoIP-Phones: Weakness in proccessing SIP-Notify-Messages, Tobias Glemser, 12:50
Re: /dev/random is probably not, Alexey Toptygin, 12:40
Re: /dev/random is probably not, Thomas, 12:30
Re: /dev/random is probably not, Darren Reed, 12:20
Re: /dev/random is probably not, Thomas, 12:09
Re: /dev/random is probably not, ChayoteMu, 11:59
Re: /dev/random is probably not, Thomas, 11:49
Re: /dev/random is probably not, Chris Kuethe, 11:39
Re: Passwords in RAM dumps [formally Novell GroupWise Plain Text Password Vulnerability.], Jason Coombs, 11:29
Re: /dev/random is probably not, devnull, 11:29
Re: /dev/random is probably not, devnull, 11:19
[Full-disclosure] Re: Publishing exploit code - what is it good for, Lionel, 11:19
Re: Microsoft Internet Explorer "javaprxy.dll" Code Execution Exploit, berendjanwever, 11:09
GNATS - gen-index, pi3ki31ny, 10:38
SUSE Security Announcement: heimdal telnetd remote buffer overflow (SUSE-SA:2005:040), Marcus Meissner, 10:18
FreeBSD Security Advisory FreeBSD-SA-05:16.zlib, FreeBSD Security Advisories, 10:07
SUSE Security Announcement: zlib denial of service attack (SUSE-SA:2005:039), Marcus Meissner, 09:57
McAfee Intrushield IPS Abuse, c0ntexb, 09:47
[Full-disclosure] [USN-147-2] Fixed php4-pear packages for USN-147-1, Martin Pitt, 08:36
[Full-disclosure] [ GLSA 200507-05 ] zlib: Buffer overflow, Thierry Carrez, 08:06
[Full-disclosure] [USN-148-1] zlib vulnerability, Martin Pitt, 07:56
[Full-disclosure] [ GLSA 200507-04 ] RealPlayer: Heap overflow vulnerability, Thierry Carrez, 06:55

July 05, 2005

[Full-disclosure] Advisory 07/2005: Jaws Multiple Remote Code Execution Vulnerabilities, Stefan Esser, 18:09
Re: /dev/random is probably not, Jack Lloyd, 16:38
Re: /dev/random is probably not, Glynn Clements, 16:28
Passwords in RAM dumps [formally Novell GroupWise Plain Text Password Vulnerability.], Anything But Microsoft, 16:18
RE: /dev/random is probably not, David Schwartz, 16:18
Re: /dev/random is probably not, Robert Foxworth, 16:08
Imail Cookie Vulnerability (unhashed), Sintigan, 15:58
Re: /dev/random is probably not, Anton Ivanov, 15:47
Re: /dev/random is probably not, Darren Reed, 15:37
[covide] possible sql injection, Hans Wolters, 15:27
RE: [Full-disclosure] Solaris 9/10 ld.so fun, Glenn Pitcher, 14:57
[badroot security] probe.cgi: Remote Command Execution, mozako, 14:57
Re: [badroot security] AutoIndex PHP Script: XSS vulnerability, mozako, 14:47
Re: Microsoft Internet Explorer "javaprxy.dll" Code Execution Exploit, give_credit, 14:27
[Full-disclosure] iDEFENSE Security Advisory 07.05.05: Adobe Acrobat Reader UnixAppOpenFilePerform() Buffer Overflow Vulnerability, iDEFENSE Labs, 14:06
[Full-disclosure] MyGuestbook Remote File Inclusion., group@soulblack.com.ar, 13:06
[Full-disclosure] XSS in nested tag in phpbb 2.0.16, alex, 11:04
[Full-disclosure] RE: Publishing exploit code - what is it good for, wnorth, 11:04
[Full-disclosure] ekg insecure temporary file creation and arbitrary code execution, ZATAZ Audits, 08:42
[Full-disclosure] kpopper insecure temporary file creation, ZATAZ Audits, 08:42
[Full-disclosure] [USN-147-1] PHP XMLRPC vulnerability, Martin Pitt, 08:42
[Full-disclosure] [Fwd: Returned post for forensics@securityfocus.com], Jason Coombs, 08:41
[Full-disclosure] Advisory 06/2005: Geeklog SQL Injection Vulnerability, Stefan Esser, 08:41
a new sql injection for aspjar guestbook, arash_pc0, 08:41
PlanetFileServer v2.0.1.3 - Denial Of Service, unsecure, 08:41
Re: Microsoft Internet Explorer "javaprxy.dll" Code Execution Exploit, stupidfrenchdudes, 08:41
Re: Access right escalation / severe permission problems on Raritan Console Servers, spam, 08:41
Re: /dev/random is probably not, Zow, 08:41
[Full-disclosure] Re: Directory traversal in source.php not fixed., Kaf Oseo, 08:41
[Full-disclosure] UPDATE: [ GLSA 200506-17 ] SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability, Sune Kloppenborg Jeppesen, 08:41
pam_ldap/nss_ldap password leak in a master+slave+start_tls LDAP setup, Rob Holland, 08:41
XMLRPC remote commands execute exploit, duk3nn, 08:41
Re: /dev/random is probably not, McLain Causey, 08:41
[Full-disclosure] Re: Directory traversal in source.php not fixed., Seth Alan Woolley, 08:41
Three More Vulnerable to PHPXMLRPC code injection, GulfTech Security Research, 08:41
Re: /dev/random is probably not, exon, 08:41
[Full-disclosure] [ GLSA 200507-03 ] phpBB: Arbitrary command execution, Matthias Geerdsen, 08:40
[Full-disclosure] [ GLSA 200507-02 ] WordPress: Multiple vulnerabilities, Thierry Carrez, 08:40
[Full-disclosure] log4sh insecure temporary file creation, ZATAZ Audits, 08:40
[Full-disclosure] Directory traversal vulnerability in "Quick & Dirty PHPSource Printer" 1.0, Seth Alan Woolley, 08:40
[Full-disclosure] [ GLSA 200507-01 ] PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability, Thierry Carrez, 08:40
[Full-disclosure] JBoss jBPM 2.0: Remote code execution and classloader covert channel, Marc Schoenefeld, 08:40
Microsoft Internet Explorer "javaprxy.dll" Code Execution Exploit, team, 08:40
Re: [Full-disclosure] Solaris 9/10 ld.so fun, KF (lists), 08:40
Re: /dev/random is probably not, Chiaki, 08:40
Re: /dev/random is probably not, Thomas Wana, 08:40
[Full-disclosure] Re: In-game /ignore crash in Soldier of Fortune II 1.03, Slawek, 08:40
[Full-disclosure] RE: Publishing exploit code - what is it good for, Harry Metcalfe, 08:40
Re: [Full-disclosure] Publishing exploit code - what is it good for, ChayoteMu, 08:40
[Full-disclosure] Advisory 05/2005: Cacti Authentification/Addslashes Bypass Vulnerability, Stefan Esser, 08:40
[Full-disclosure] Advisory 04/2005: Cacti Remote Command Execution Vulnerability, Stefan Esser, 08:40
[Full-disclosure] Advisory 03/2005: Cacti Multiple SQL Injection Vulnerabilities [FIXED], Stefan Esser, 08:40
[Full-disclosure] Advisory 03/2005: Cacti Multiple SQL Injection Vulnerabilities, Stefan Esser, 08:40
Re: [Full-disclosure] Re: [VulnWatch] Microsoft Windows NTFS Information Disclosure, Matthew Murphy, 08:40
Re: [Full-disclosure] Re: [VulnWatch] Microsoft Windows NTFS Information Disclosure, James Tucker, 08:40
Re: [Full-disclosure] Publishing exploit code - what is it good for, Joachim Schipper, 08:39
[Full-disclosure] UnixWare 7.1.4 : Mozilla updated to 1.7.8 fixes security issues, please_reply_to_security, 08:39
TSLSA-2005-0031 - multi, Trustix Security Advisor, 08:39
PHPXMLRPC Remote Code Execution, GulfTech Security Research, 08:39
[SECURITY ALERT] osTicket bugs, ghc, 08:39
/dev/random is probably not, Charles M. Hannum, 08:39
PEAR XML_RPC Remote Code Execution Vulnerability, GulfTech Security Research, 08:39
MDKSA-2005:111 - Updated 2.4 kernel packages fix multiple vulnerabilities, Mandriva Security Team, 08:39
MDKSA-2005:110 - Updated 2.6 kernel packages fix multiple vulnerabilities, Mandriva Security Team, 08:39
MDKSA-2005:109 - Updated php-pear packages fix remotely exploitable vulnerability, Mandriva Security Team, 08:39
MDKSA-2005:108 - Updated squirrelmail packages fix XSS vulnerabilities, Mandriva Security Team, 08:39
[Full-disclosure] Re: Published exploit codes foo foo foo, Dave Korn, 08:39
[Full-disclosure] RE: Publishing exploit code - what is it good for, Morales, David (Seta), 08:39
[Full-disclosure] Re: Publishing exploit code - what is it good for, Curt Sampson, 08:39
[Full-disclosure] RE: Publishing exploit code - what is it good for, Socrates, 08:39
[Full-disclosure] Re: [VulnWatch] Microsoft Windows NTFS Information Disclosure, Melvin Klassen, 08:39
RE: [Full-disclosure] Publishing exploit code - what is it good for, Michael Evanchik, 08:39
Re: [Full-disclosure] Publishing exploit code - what is it good for, Raghu Chinthoju, 08:39
NetBSD Security Advisory 2005-001: Crypto leaks across HyperThreaded CPUs (i386, P4, HTT+SMP only), NetBSD Security-Officer, 08:39
[Full-disclosure] Re: [VulnWatch] Microsoft Windows NTFS Information Disclosure, Matthew Murphy, 08:39
[Full-disclosure] Re: Publishing exploit code - what is it good for, Damian Menscher, 08:39
[Full-disclosure] RE: Publishing exploit code - what is it good for, Marvin Simkin, 08:38
[Full-disclosure] RE: Published exploit codes foo foo foo, J. Oquendo, 08:38
Re: [Full-disclosure] Publishing exploit code - what is it good for, devnull, 08:38
[Full-disclosure] Re: Publishing exploit code - what is it good for, Skip Carter, 08:38
[Full-disclosure] Re: Publishing exploit code - what is it good for, John Madden, 08:38
[Full-disclosure] RE: Publishing exploit code - what is it good for, James C Slora Jr, 08:38
[Full-disclosure] Re: Publishing exploit code - what is it good for, Thomas Reinke, 08:38
Anyone else having serious repercussions from applying W2k sp4 se curity rollup patch?, gerald, 08:38
RE: [Full-disclosure] Publishing exploit code - what is it good for, Todd Towles, 08:38
[Full-disclosure] Re: Publishing exploit code - what is it good for, Matt . Carpenter, 08:38
[Full-disclosure] Re: Publishing exploit code - what is it good for, John Horn, 08:38
Re: [Full-disclosure] Publishing exploit code - what is it good for, Erick Mechler, 08:38
Re: [Full-disclosure] Publishing exploit code - what is it good for, Erik Fichtner, 08:38
Re: [Full-disclosure] SEC-CONSULT SA-20050629-0, Moritz Naumann, 08:38
[Full-disclosure] Re: Publishing exploit code - what is it good for, Steve Milner, 08:38
[Full-disclosure] RE: Publishing exploit code - what is it good for, Matt Huston, 08:38
Re: [Full-disclosure] Publishing exploit code - what is it good for, Joxean Koret, 08:38
[Full-disclosure] Re: Publishing exploit code - what is it good for, Gary E. Miller, 08:38
[Full-disclosure] Microsoft Windows NTFS Information Disclosure, Matthew Murphy, 08:38
Re: [Full-disclosure] Publishing exploit code - what is it good for, Ill will, 08:38
Re: Advisory 02/2005: Remote code execution in Serendipity, GulfTech Security Research, 08:38
Re: [Full-disclosure] Publishing exploit code - what is it good for, bugtraq, 08:38
RE: [Full-disclosure] Publishing exploit code - what is it good for, Glenn.Everhart, 08:38
Re: [Full-disclosure] Publishing exploit code - what is it good for, Anders B Jansson, 08:38
Re: [Full-disclosure] Publishing exploit code - what is it good for, Joachim Schipper, 08:38
Re: [Full-disclosure] Publishing exploit code - what is it good for, bruen, 08:38
[Full-disclosure] Publishing exploit code - what is it good for, Aviram Jenik, 08:38
Re: [Full-disclosure] Solaris 9/10 ld.so fun, Casper . Dik, 08:37
Re: Oracle Question Slightly OT, Joshua Wright, 08:37
Advisory 02/2005: Remote code execution in Serendipity, Christopher Kunz, 08:37
FreeBSD Security Advisory FreeBSD-SA-05:15.tcp, FreeBSD Security Advisories, 08:37
FreeBSD Security Advisory FreeBSD-SA-05:14.bzip2, FreeBSD Security Advisories, 08:37
FreeBSD Security Advisory FreeBSD-SA-05:13.ipfw, FreeBSD Security Advisories, 08:37
Mozilla Multiple Product JavaScript Issue, Kurczaba Associates Advisories, 08:37
Re: Oracle Question Slightly OT, David Cravshaw, 08:37
[Full-disclosure] [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue, Uwe Hermann, 08:37
Re: Oracle Question Slightly OT, Susan Bradley, 08:37
[Full-disclosure] [DRUPAL-SA-2005-002] Drupal 4.6.2 / 4.5.4 fixes input validation issue, Uwe Hermann, 08:37
RE: Cisco VPN Concentrator Groupname Enumeration Vulnerability, Dario Ciccarone (dciccaro), 08:37
Re: Weboot Window Washer Version 6.02.410 Will erase files from your PC, info, 08:37
Oracle Question Slightly OT, Ginski, Richard J., 08:37
WordPress 1.5.1.2 && Earlier Multiple Vulnerabilities, GulfTech Security Research, 08:37
[Full-disclosure] In-game /ignore crash in Soldier of Fortune II 1.03, Luigi Auriemma, 08:37
Re: Multiple vulnerabilities in Argosoft Mail Server 1.8.7.6, senghooi, 08:37
Windows 2000 SP4 Rollup, geoff . seymour, 08:36
[badroot security] Community link pro web editor: Remote command Execution, mozako, 08:36
Original imTRBBS(ver1.02) and prior remote command execution, blahplok, 08:36
Auditing Privilged Oracle Passwords - hashattack, Joshua Wright, 08:36
XOOPS 2.0.11 && Earlier Multiple Vulnerabilities, GulfTech Security Research, 08:36
[Full-disclosure] Advisory 02/2005: Remote code execution in Serendipity, Christopher Kunz, 08:36
[Full-disclosure] iDEFENSE Security Advisory 06.29.05: Clam AntiVirus ClamAV Cabinet File Handling DoS Vulnerability, iDEFENSE Labs, 08:36
[Full-disclosure] iDEFENSE Security Advisory 06.29.05: Clam AntiVirus ClamAV MS-Expand File Handling DoS Vulnerability, iDEFENSE Labs, 08:36