SecurityFocus Bugtraq
By Date

544 messages sorted by: [ author ] [ thread ] [ subject ] [ attachment ]

---

Starting: 02/01/05
Ending: 02/28/05

• Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error Miles Beck (02/28/05)
• [SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x cXIb8O3.1 Maksymilian Arciemowicz (02/28/05)
• [SECURITYREASON.COM] PostNuke Critical XSS 0.760-RC2=>x cXIb8O3.2 Maksymilian Arciemowicz (02/28/05)
• [SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3 Maksymilian Arciemowicz (02/28/05)
• [Hat-Squad] GFI L.N.S.S 5.0 Insecure Credential Storage Hat-Squad Security Team (02/28/05)
• iDEFENSE Security Advisory 02.28.05: KPPP Privileged File Descriptor Leak Vulnerability iDEFENSE Labs (02/28/05)
• iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error iDEFENSE Labs (02/28/05)
• WASC-Articles: 'The Insecure Indexing Vulnerability - Attacks Against Local Search Engines' By Amit Klein robert_at_webappsec.org (02/28/05)
• Re: iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability Rainer Schöpf (02/27/05)
• 7a69Adv#22 - UNIX unzip keep setuid and setgid files Albert Puigsech Galicia (02/28/05)
• Re: Office 10 applications & flashdrives can be used to browse restricted drives Jay D. Dyson (02/26/05)
• Re: Office 10 applications & flashdrives can be used to browse restricted drives Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (02/26/05)
• Re: Office 10 applications & flashdrives can be used to browse restricted drives Jay D. Dyson (02/26/05)
• Re: Mozilla Firefox 1.0.1 Javascript Images are Draggable Jay D. Dyson (02/26/05)
• Re: Firescrolling [Firefox 1.0] Stan Bubrouski (02/25/05)
• Mozilla Firefox 1.0.1 Javascript Images are Draggable Paul (02/26/05)
• Re: Office 10 applications & flashdrives can be used to browse restricted drives Paul (02/25/05)
• Knet <= 1.04c Buffer Overflow Bug CorryL (02/25/05)
• [ GLSA 200502-30 ] cmd5checkpw: Local password leak vulnerability Thierry Carrez (02/25/05)
• Re: [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion Calum Power (02/26/05)
• -==phpBB 2.0.12 Full path disclosure==- HaCkZaTaN (02/26/05)
• Re: Firescrolling [Firefox 1.0] btrq_at_bob-n.com (02/26/05)
• Re: iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability Stan Bubrouski (02/25/05)
• CIS WebServer Directory Traversal Bug CorryL (02/25/05)
• RE: Firescrolling [Firefox 1.0] Eric McCarty (02/25/05)
• iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability iDEFENSE Labs (02/25/05)
• RE: Firescrolling [Firefox 1.0] Beauford, Jason (02/25/05)
• [USN-85-1] Gaim vulnerabilities Martin Pitt (02/25/05)
• [FLSA-2005:2336] Updated kernel packages fix security issues Marc Deslauriers (02/25/05)
• Re: Office 10 applications & flashdrives can be used to browse restricted drives Denis Jedig (02/25/05)
• AW: phpWebSite-0.10.0_exploit webmaster_at_clueless-design.de (02/25/05)
• CFP: WORM 2005 David Moore (02/25/05)
• Announce: RSBAC v1.2.4 released Amon Ott (02/25/05)
• [SECURITY] [DSA 690-1] New bsmtpd packages fix arbitrary command execution Martin Schulze (02/25/05)
• Firescrolling [Firefox 1.0] mikx (02/25/05)
• phpWebSite 0.10.0 Full Path disclosure HaCkZaTaN (02/25/05)
• phpWebSite 0.10.0 Full Path disclosure HaCkZaTaN. (02/25/05)
• [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4 Maksymilian Arciemowicz (02/24/05)
• [FLSA-2005:2005] Updated gdk-pixbuf packages fix security flaws Marc Deslauriers (02/24/05)
• phpWebSite-0.10.0_exploit tjomka (02/24/05)
• MDKSA-2005:047 - Updated squid packages fix vulnerability Mandrakelinux Security Team (02/24/05)
• [FLSA-2005:2043] Updated zlib package fixes security issues Marc Deslauriers (02/24/05)
• [FLSA-2005:2343] Updated vim packages fix security issues Marc Deslauriers (02/24/05)
• MDKSA-2005:046 - Updated uim packages fix vulnerability Mandrakelinux Security Team (02/24/05)
• Multiple vulns in punBB John Gumbel (02/24/05)
• In-game cl_guid crash in Soldier of Fortune II 1.03 Luigi Auriemma (02/24/05)
• [Security Bulletin] SSRT4694 HP-UX ftpd remote unauthorized access Boren, Rich (SSRT) (02/24/05)
• RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability PASTOR ADRIAN (02/24/05)
• Cisco Security Advisory: ACNS Denial of Service and Default Admin Password Vulnerabilities Cisco Systems Product Security Incident Response Team (02/24/05)
• Re: phpBB 2.0.12 released bcl_at_brianlane.com (02/23/05)
• iDEFENSE Security Advisory 02.23.05: Sun Solaris kcms_configure Arbitrary File Corruption Vulnerability iDEFENSE Labs (02/23/05)
• Multiple vulnerabilities found in CSGuestbook by CoolSerlets.com Josh884_at_hotmail.com (02/24/05)
• RE: Incorrect Classification of iDownload's Product as Spyware... Roger A. Grimes (02/24/05)
• RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability Walton, John Michael (John) (02/24/05)
• Office 10 applications & flashdrives can be used to browse restricted drives Discini, Sonny (02/23/05)
• [Fwd: [arkeia-announce] Release of Arkeia Network Backup 5.3.5 fixes security issue] Maciej Bogucki (02/23/05)
• Release of Arkeia Network Backup 5.3.5 fixes security issue [bugtraq id 12594] Arnaud***ht (02/24/05)
• Robustness patch for TWiki, vulnerability in ImageGalleryPlugin Florian Weimer (02/23/05)
• [ GLSA 200502-29 ] Cyrus IMAP Server: Multiple overflow vulnerabilities Matthias Geerdsen (02/23/05)
• Incorrect Classification of iDownload's Product as Spyware... Paul Laudanski (02/23/05)
• [SECURITY] [DSA 689-1] New mod_python packages fix information leak Martin Schulze (02/23/05)
• [SECURITY] [DSA 688-1] New squid packages fix denial of service Martin Schulze (02/23/05)
• Re: phpBB 2.0.12 released bcl_at_brianlane.com (02/23/05)
• Re: Cross Site Scripting exploitation via malformed files http-equiv_at_excite.com  (02/23/05)
• Re: Knox Arkeia remote root/system exploit Arnaud***ht (02/22/05)
• Software PBLang 4.65 pm.php XSS vulnerability Raven (02/22/05)
• Software PBLang 4.65 pmpshow.php XSS vulnerability Raven (02/23/05)
• Software PBLang 4.65 search.php XSS vulnerability Raven (02/22/05)
• iDEFENSE Security Advisory 02.22.05: phpBB Group phpBB2 Arbitrary File Unlink Vulnerability iDEFENSE Labs (02/22/05)
• Cross Site Scripting exploitation via malformed files Jerome ATHIAS (02/21/05)
• paNews v2.0b4 - PHP Injection tjomka (02/21/05)
• [SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection pokley (02/21/05)
• Re: Arkeia Network Backup Client Remote Access Arnaud***ht (02/22/05)
• The WebConnect 6.4.4 and 6.5 contains several vulnerabilities CIRT Advisory (02/20/05)
• Re: Combining Hashes Joel Maslak (02/20/05)
• RE: Windows Firewall Has A Backdoor Thor Larholm (02/21/05)
• Re: Windows Firewall Has A Backdoor Thor (Hammer of God) (02/21/05)
• [NOBYTES.COM: #5] iGeneric eShop 1.2 - Information Disclosure & Possible SQL Injection John Cobb (02/21/05)
• SD Server 4.0.70 Directory Traversal Bug CorryL (02/22/05)
• Re: Arkeia Network Backup Client Remote Access H D Moore (02/22/05)
• Re: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability grutz_at_jingojango.net (02/22/05)
• iDEFENSE Security Advisory 02.22.05: phpBB Group phpBB Arbitrary File Disclosure Vulnerability iDEFENSE Labs (02/22/05)
• Re: Arkeia Network Backup Client Remote Access Vincent Archer (02/22/05)
• Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability m123303_at_richmond.ac.uk (02/23/05)
• phpBB 2.0.12 released Snapdragon (02/22/05)
• Re: SHA-1 broken Peter Jeremy (02/20/05)
• iDEFENSE Security Advisory 02.21.05: Multiple Unix/Linux Vendor cURL/libcURL Kerberos Authentication Buffer Overflow Vulnerability iDEFENSE Labs (02/21/05)
• iDEFENSE Security Advisory 02.21.05: Multiple Unix/Linux Vendor cURL/libcURL NTLM Authentication Buffer Overflow Vulnerability iDEFENSE Labs (02/21/05)
• iDEFENSE Security Advisory 02.21.05: Multiple PuTTY SFTP Client Packet Parsing Integer Overflow Vulnerabilities iDEFENSE Labs (02/21/05)
• RE: Windows Firewall Has A Backdoor Chris Goodwin (02/21/05)
• [ GLSA 200502-28 ] PuTTY: Remote code execution Luke Macken (02/21/05)
• Re: SHA-1 broken Peter J. Holzer (02/20/05)
• Re: Joint encryption? John Richard Moser (02/20/05)
• Re: SHA-1 broken Damian Menscher (02/20/05)
• Re: Joint encryption? Ruud H.G. van Tol (02/20/05)
• Re: SHA-1 broken Denis Jedig (02/20/05)
• Re: Windows Firewall Has A Backdoor Chris Wysopal (02/21/05)
• Re: Joint encryption? Valdis.Kletnieks_at_vt.edu (02/20/05)
• Re: Joint encryption? peter zulu (02/21/05)
• Re: SHA-1 broken peeon+securityfocus_at_peeon.net (02/20/05)
• Re: Joint encryption? John Richard Moser (02/19/05)
• RE: Joint encryption? David Schwartz (02/19/05)
• Re: Joint encryption? Gandalf The White (02/19/05)
• RE: SHA-1 broken Frank Knobbe (02/20/05)
• Re: Combining Hashes Frank Knobbe (02/20/05)
• [FLSA-2005:1944] GNOME VFS updates address extfs vulnerability Marc Deslauriers (02/20/05)
• [FLSA-2005:1945] Updated sox packages fix buffer overflows Marc Deslauriers (02/20/05)
• [FLSA-2005:2058] Updated cdrtools packages fix a security issue Marc Deslauriers (02/20/05)
• [USN-84-1] Squid vulnerabilities Martin Pitt (02/21/05)
• Windows Firewall Has A Backdoor Jay Calvert (02/19/05)
• ADP Elite System Max 9000 Series Login Vulnerability rootfiend_at_safe-mail.net (02/19/05)
• Re: SHA-1 broken Paul Johnston (02/21/05)
• Re: Joint encryption? Robert C. Helling (02/21/05)
• Re: SHA-1 broken exon (02/21/05)
• Gigafast/CompUSA router (model EE400-R) vulnerabilities Gary H. Jones II (02/20/05)
• Re: SHA-1 broken Michael Silk (02/20/05)
• Re: Combining Hashes Ivan Krstic (02/20/05)
• Re: Knox Arkeia remote root/system exploit H D Moore (02/20/05)
• Arkeia Network Backup Client Remote Access H D Moore (02/20/05)
• [SECURITY] [DSA 674-3] New mailman packages really fix several vulnerabilities Martin Schulze (02/21/05)
• Re: Combining Hashes exon (02/19/05)
• Re: SHA-1 broken Michael Cordover (02/19/05)
• Re: Dangers of discarding duplicated messages David F. Skoll (02/19/05)
• Re: Possible phpBB <=2.0.11 bug or sql injection? Giacomo Rizzo (02/18/05)
• Re: [Full-Disclosure] Thomson TCW690 Denial Of Service Vulnerability Andres Tarasco (02/19/05)
• Re: SHA-1 broken Brian May (02/19/05)
• Re: Combining Hashes Felix Cuello (02/19/05)
• Re: SHA-1 broken securityfocus_at_microtechnical.co.uk (02/19/05)
• Re: SHA-1 broken Anatole Shaw (02/19/05)
• Re: SHA-1 broken Michael Silk (02/19/05)
• Re: Joint encryption? John Richard Moser (02/19/05)
• Re: SHA-1 broken exon (02/19/05)
• Re: Joint encryption? John Richard Moser (02/19/05)
• Knox Arkeia remote root/system exploit John Doe (02/18/05)
• Re: [lists] Combining Hashes Elliott Bäck (02/19/05)
• Re: Combining Hashes unmanarc (02/19/05)
• Re: Possible phpBB <=2.0.11 bug or sql injection? kaosone+[ONE]+ (02/19/05)
• Re: Joint encryption? devnull_at_Rodents.Montreal.QC.CA (02/19/05)
• Re: Joint encryption? Casper.Dik_at_Sun.COM (02/19/05)
• cfengine rsa heap remote exploit: part of PTjob project yan feng (02/19/05)
• webfsd fun. opensource is god .lol windows yan feng (02/19/05)
• [Hat-Squad] Findjmp2 Tool Hat-Squad Security Team (02/19/05)
• Re: Dangers of discarding duplicated messages Jon Keating (02/19/05)
• exwormshoucast part of PTjob project: SHOUTcast v1.9.4 remote exploit yan feng (02/19/05)
• Re: Joint encryption? Damian Menscher (02/19/05)
• 3com 3CDaemon FTP Unauthorized "USER" Remote BOverflow class 101 (02/18/05)
• [FLSA-2005:2137] Updated cyrus-sasl resolves security vulnerabilities Dominic Hargreaves (02/17/05)
• Thomson TCW690 POST Password Validation Vulnerability MurDoK (02/19/05)
• Re: SHA-1 broken Tollef Fog Heen (02/19/05)
• [ GLSA 200502-27 ] gFTP: Directory traversal vulnerability Matthias Geerdsen (02/19/05)
• Re: Phishing hole found in IE and OE cyberpixl (02/19/05)
• Re: Joint encryption? John Richard Moser (02/19/05)
• Re: SHA-1 broken Darren Reed (02/19/05)
• Multiples vulnerability in ZeroBoard, albanian haxorz (02/19/05)
• Re: SHA-1 broken dullien_at_gmx.de (02/19/05)
• MDKSA-2005:040 - Updated PostgreSQL packages fix multiple vulnerabilities Mandrakelinux Security Team (02/18/05)
• MDKSA-2005:041 - Updated cups packages fix vulnerabilities on 64 bit platforms Mandrakelinux Security Team (02/18/05)
• Joint encryption? John Richard Moser (02/18/05)
• Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins headpimp_at_pimp-industries.com (02/18/05)
• [ GLSA 200502-25 ] Squid: Denial of Service through DNS responses Sune Kloppenborg Jeppesen (02/18/05)
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? newbug Tseng (02/18/05)
• MDKSA-2005:044 - Updated tetex packages fix vulnerabilities on 64 bit platforms Mandrakelinux Security Team (02/18/05)
• Re: SHA-1 broken Dan Harkless (02/18/05)
• MDKSA-2005:045 - Updated kdelibs packages fix vulnerabilities Mandrakelinux Security Team (02/18/05)
• Multiple vulnerabilities in TrackerCam 5.12 Luigi Auriemma (02/18/05)
• Re: SHA-1 broken Michael Silk (02/18/05)
• Re: Phishing hole found in IE and OE David Nichols (02/18/05)
• Combining Hashes Kent Borg (02/18/05)
• Re: Phishing hole found in IE and OE Greg Merideth (02/18/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Riccardo Murri (02/18/05)
• RE: Possible phpBB <=2.0.11 bug or sql injection? Miguel Angel Rodríguez Jódar (02/18/05)
• 3com 3CDaemon FTP "USER" Remote BOverflow POC Hat-Squad Security Team (02/19/05)
• [ GLSA 200502-26 ] GProFTPD: gprostats format string vulnerability Sune Kloppenborg Jeppesen (02/18/05)
• Re: SHA-1 broken D.J. Capelis (02/18/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Rainer Duffner (02/18/05)
• [SECURITY] [DSA 687-1] New bidwatcher packages fix format string vulnerability Martin Schulze (02/18/05)
• Re: Dangers of discarding duplicated messages Gene Rackow (02/18/05)
• BizMail 2.1 Spam Exploit Jason Frisvold (02/18/05)
• Re: Dangers of discarding duplicated messages Maciej Soltysiak (02/18/05)
• Re: Possible phpBB <=2.0.11 bug or sql injection? Exoduks (02/18/05)
• MDKSA-2005:043 - Updated xpdf packages fix vulnerabilities on 64 bit platforms Mandrakelinux Security Team (02/18/05)
• RE: SHA-1 broken Michael Silk (02/18/05)
• Re: SHA-1 broken dullien_at_gmx.de (02/17/05)
• MDKSA-2005:042 - Updated gpdf packages fix vulnerabilities on 64 bit platforms Mandrakelinux Security Team (02/18/05)
• Adobe Reader invalid root page node Count value DOS Hongzhen Zhou (02/18/05)
• Re: SHA-1 broken dullien_at_gmx.de (02/17/05)
• Re: NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+ Vade 79 (02/18/05)
• [USN-66-2] PHP vulnerability Martin Pitt (02/17/05)
• [USN-78-2] Fixed mailman packages for USN-78-1 Martin Pitt (02/17/05)
• RE: SHA-1 broken Scovetta, Michael V (02/17/05)
• Phishing hole found in IE and OE Jay Calvert (02/17/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (02/17/05)
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz (02/17/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (02/17/05)
• Re: IE6 SP1 - Click N Crash Robert ONeal (02/17/05)
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz (02/17/05)
• iDEFENSE Labs Website Launch iDEFENSE Labs (02/17/05)
• hpm_guestbook.cgi JavaScript-Injection Christoph Burchert (02/17/05)
• [SECURITY] [DSA 686-1] New gftp packages fix directory traversal vulnerability Martin Schulze (02/17/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (02/17/05)
• Re: SHA-1 broken Jonathan G. Lampe (02/17/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (02/17/05)
• Advisory: Multiple Vulnerabilities in BibORB Patrick Hof (02/17/05)
• [SECURITY] [DSA 685-1] New emacs21 packages fix arbitrary code execution Martin Schulze (02/17/05)
• Possible phpBB <=2.0.11 bug or sql injection? jtm297_at_optonline.net (02/17/05)
• [PersianHacker.NET 200505-07] paFAQ Beta4 Sql Injection PersianHacker Team (02/17/05)
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Tosoni (02/17/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Vincent Archer (02/17/05)
• Remote Windows Kernel Exploitation - Step Into the Ring 0 Marc Maiffret (02/17/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Thor (Hammer of God) (02/17/05)
• Re: Permission problem in Skype BETA for linux Peter Conrad (02/16/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Ron DuFresne (02/17/05)
• [ SCL-2005.001 ] - WebCalendar: SQL Injection from encoded cookie Scovetta Labs (02/17/05)
• RE: BrightStor ARCserve Backup buffer overflow PoC (fixes available) Williams, James K (02/17/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (02/17/05)
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Matt Wilder (02/17/05)
• Dangers of discarding duplicated messages Adrian Bunk (02/17/05)
• Invision Power Boards 1.3.1 FINAL XSS Exploit Daniel A. (02/18/05)
• [ GLSA 200502-24 ] Midnight Commander: Multiple vulnerabilities Sune Kloppenborg Jeppesen (02/17/05)
• RECON 2005 CFP [Montreal, Canada] dataworm (02/17/05)
• Re: xprobe2 v0.2.2 released Stan Bubrouski (02/17/05)
• MDKSA-2005:039 - Updated rwho packages fix vulnerability Mandrakelinux Security Team (02/17/05)
• RE: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Michael Scheidell (02/17/05)
• Re: SHA-1 broken Steve Friedl (02/17/05)
• Re: SHA-1 broken Robert Sussland (02/17/05)
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz (02/17/05)
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Nick FitzGerald (02/17/05)
• Re: SHA-1 broken Michael Cordover (02/17/05)
• RE: BrightStor ARCserve Backup buffer overflow PoC (fix available) Williams, James K (02/17/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Stefan Paletta (02/17/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Stefan Paletta (02/17/05)
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Benjamin Franz (02/17/05)
• Re: SHA-1 broken Kent Borg (02/17/05)
• [PersianHacker.NET 200505-06] paNews v2.0b4 XSS Vulnerability PersianHacker Team (02/16/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Seth Breidbart (02/16/05)
• NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+ TAC (02/16/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. lyal.collins (02/16/05)
• [Security Bulletin] SSRT5893 rev.0 - HP Web-enabled Management Software Remote Buffer Overflow Boren, Rich (SSRT) (02/16/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (02/16/05)
• XSS vulnerabilty in ASP.Net [with details] Andir Andir (02/17/05)
• Re: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185 Thor (Hammer of God) (02/16/05)
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Micah Brandon (02/16/05)
• Update Your Bookmarks Amit Klein (AKsecurity) (02/16/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Bill Brown (02/14/05)
• [USN-83-1] LessTif 2 vulnerabilities Martin Pitt (02/16/05)
• Re: vbulletin 3.0.x PHP code execution pokley (02/16/05)
• SHA-1 broken Gadi Evron (02/16/05)
• [ GLSA 200502-21 ] lighttpd: Script source disclosure Thierry Carrez (02/15/05)
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz (02/16/05)
• RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 Correction Joe Granto (02/16/05)
• [SECURITY] [DSA 684-1] New typespeed packages fix arbitrary group games code execution Martin Schulze (02/16/05)
• [ GLSA 200502-20 ] Emacs, XEmacs: Format string vulnerabilities in movemail Thierry Carrez (02/15/05)
• [USN-82-1] Linux kernel vulnerabilities Martin Pitt (02/15/05)
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz (02/16/05)
• Blind Sql-Injection in MySQL Databases Zeelock (02/15/05)
• Advisory: Cross Site Scripting Vulnerability in Openconf Conference Management Software Maximillian Dornseif (02/14/05)
• [ GLSA 200502-18 ] VMware Workstation: Untrusted library search path Thierry Carrez (02/14/05)
• UPDATE: [ GLSA 200501-36 ] AWStats: Remote code execution Thierry Carrez (02/14/05)
• [ GLSA 200502-23 ] KStars: Buffer overflow in fliccd Sune Kloppenborg Jeppesen (02/16/05)
• xprobe2 v0.2.2 released Ofir Arkin (02/16/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Gwendolynn ferch Elydyr (02/16/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (02/16/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Gwendolynn ferch Elydyr (02/16/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (02/16/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Janusz A. Urbanowicz (02/16/05)
• [ GLSA 200502-22 ] wpa_supplicant: Buffer overflow vulnerability Matthias Geerdsen (02/16/05)
• [KDE Security Advisory] Buffer overflow in fliccd of kdeedu/kstars/indi Dirk Mueller (02/16/05)
• [hackgen-2005-#003] - SQL injection bugs in DCP-Portal Exoduks (02/16/05)
• [KDE Security Advisory] Buffer overflow in fliccd of kdeedu/kstars/indi Dirk Mueller (02/16/05)
• MDKSA-2005:038 - Updated emacs/xemacs packages fix vulnerability Mandrakelinux Security Team (02/16/05)
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? K-OTiK Security (02/16/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. George Capehart (02/15/05)
• Re: BrightStor ARCserve Backup buffer overflow PoC Williams, James K (02/16/05)
• Re: vbulletin 3.0.x PHP code execution AL3NDALEEB. (02/15/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Thor (Hammer of God) (02/15/05)
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Thom Craver (02/16/05)
• [CLA-2005:925] Conectiva Security Announcement - evolution Conectiva Updates (02/16/05)
• [Full Disclosure] Using DHTML XSS to launch HHCTRL exploit Valentin Avram (02/16/05)
• XSS in MySpace.com RuWeb.net and Primus.com Chris (02/15/05)
• RE: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer no t seeing KB887742 and KB886185 Randal, Phil (02/15/05)
• RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 Correction Threlkeld, Richard (02/16/05)
• RE: eBay Account Phishing with eBay Redirect Israel Torres (02/15/05)
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? twebster_at_daksoft.com (02/15/05)
• RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185 Threlkeld, Richard (02/15/05)
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Jeffrey Wilkinson (02/15/05)
• RE: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? William Pratt (02/15/05)
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Ondra Holecek (02/15/05)
• [NOBYTES.COM: #3] osCommerce 2.2-MS2 - XSS Vulnerability John Cobb (02/15/05)
• Scottsave.com Trade History Exploit Ben Efros (02/15/05)
• Scottrader Application Exploit Ben Efros (02/15/05)
• RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 Correction James Lay (02/15/05)
• Re: IE6 SP1 - Click N Crash is old news Berend-Jan Wever (02/15/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Sebastian (02/15/05)
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Herman Sheremetyev (02/15/05)
• Re: eBay Account Phishing with eBay Redirect Jay Calvert (02/15/05)
• RE: eBay Account Phishing with eBay Redirect Thomas T. Evans, III (02/15/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (02/15/05)
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Jamie Pratt (02/15/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (02/15/05)
• IE6 SP1 - Click N Crash ViPeR (02/15/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Thor (Hammer of God) (02/15/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Gwendolynn ferch Elydyr (02/15/05)
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Ondra Holecek (02/15/05)
• Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? Jamie Pratt (02/15/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. bkfsec (02/15/05)
• Re: eBay Account Phishing with eBay Redirect Jonathan Rockway (02/15/05)
• MDKSA-2005:037 - Updated mailman packages fix directory traversal vulnerability Mandrakelinux Security Team (02/15/05)
• Re: vbulletin 3.0.x PHP code execution pokley (02/15/05)
• Re: eBay Account Phishing with eBay Redirect Nick FitzGerald (02/15/05)
• [SECURITY] [DSA 682-1] New awstats packages fix arbitrary command execution Martin Schulze (02/15/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Vincent Archer (02/15/05)
• Re: AWStats <= 6.4 Multiple vulnerabilities Ondra Holecek (02/15/05)
• ASPjar Guestbook login.asp not official patch CorryL (02/15/05)
• [SECURITY] [DSA 683-1] New postgresql packages fix arbitrary code execution Martin Schulze (02/15/05)
• [ GLSA 200502-19 ] PostgreSQL: Buffer overflows in PL/PgSQL parser Sune Kloppenborg Jeppesen (02/14/05)
• [ GLSA 200502-17 ] Opera: Multiple vulnerabilities Sune Kloppenborg Jeppesen (02/14/05)
• Re: eBay Account Phishing with eBay Redirect Josh Tolley (02/14/05)
• [NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities John Cobb (02/14/05)
• Microsoft Baseline Security Analyzer not seeing KB887742 and KB88 6185 James Lay (02/14/05)
• vbulletin 3.0.x PHP code execution AL3NDALEEB (02/13/05)
• eBay Account Phishing with eBay Redirect Steven (02/13/05)
• Credit Card Phishing with executable download Gandalf The White (02/13/05)
• RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. David Schwartz (02/13/05)
• AWStats <= 6.4 Multiple vulnerabilities GHC_at_www.securityfocus.com, [ru]@securityfocus.com@www.securityfocus.com (02/14/05)
• [ GLSA 200502-15 ] PowerDNS: Denial of Service vulnerability Matthias Geerdsen (02/13/05)
• [SECURITY] [DSA 681-1] New synaesthesia packages fix unauthorised file access Martin Schulze (02/14/05)
• [ GLSA 200502-16 ] ht://Dig: Cross-site scripting vulnerability Luke Macken (02/13/05)
• RE: International Domain Name [IDN] support in modern browsers al lows attackers to spoof domain name URLs + SSL certs. Michael Wojcik (02/14/05)
• [ GLSA 200502-14 ] mod_python: Publisher Handler vulnerability Sune Kloppenborg Jeppesen (02/13/05)
• [SECURITY] [DSA 680-1] New htdig packages fix cross-site scripting vulnerability Martin Schulze (02/14/05)
• [SECURITY] [DSA 679-1] New toolchain-source package fixes insecure temporary files Martin Schulze (02/14/05)
• Re: BrightStor ARCserve Backup buffer overflow PoC H D Moore (02/13/05)
• [CLA-2005:924] Conectiva Security Announcement - XFree86 Conectiva Updates (02/14/05)
• Re: BrightStor ARCserve Backup buffer overflow PoC H D Moore (02/12/05)
• exim auth_spa_server() PoC exploit Yuri Gushin (02/12/05)
• Infostring crash and shutdown in the Quake 3 engine Luigi Auriemma (02/12/05)
• Re: Advanced Guestbook 2.2 -- SQL Injection Exploit mary_at_gmbwebworks.com (02/12/05)
• Re: [Full-Disclosure] Fireflashing [Firefox 1.0] Jelmer Kuperus (02/12/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Janusz A. Urbanowicz (02/12/05)
• Symantec UPX issue solution Roger A. Grimes (02/11/05)
• MDKSA-2005:032-1 - Updated cpio packages fix vulnerability Mandrakelinux Security Team (02/11/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Scott Gifford (02/12/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Neil W Rickert (02/11/05)
• iDEFENSE Security Advisory 02.11.05: ZoneAlarm 5.1 Invalid Pointer Dereference Vulnerability iDefense Customer Service (02/11/05)
• [ GLSA 200502-12 ] Webmin: Information leak in Gentoo binary package Thierry Carrez (02/11/05)
• [ GLSA 200502-13 ] Perl: Vulnerabilities in perl-suid wrapper Thierry Carrez (02/11/05)
• Zone Labs Security Alert ZL05-01: Zone Labs IPC Instability Zone Labs Product Security (02/11/05)
• SYM05-003 Symantec UPX Parsing Engine Heap Overflow secure_at_symantec.com (02/11/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Scott Gifford (02/11/05)
• Re: HACKING WITH JAVASCRIPT Jim Halfpenny (02/11/05)
• Re: HACKING WITH JAVASCRIPT Cleiton Martins (02/11/05)
• BrightStor ARCserve Backup buffer overflow PoC cybertronic_at_gmx.net (02/11/05)
• [FLSA-2005:2353] Updated gpdf package fixes security issues Marc Deslauriers (02/11/05)
• [FLSA-2005:2252] Updated iptables packages resolve security issues Marc Deslauriers (02/11/05)
• [FLSA-2005:2352] Updated Xpdf package fixes security issues Marc Deslauriers (02/11/05)
• [USN-80-1] mod_python vulnerability Martin Pitt (02/11/05)
• [USN-81-1] iptables vulnerability Martin Pitt (02/11/05)
• [FLSA-2005:2188] Updated gaim package resolves security issues Marc Deslauriers (02/11/05)
• [SECURITY] [DSA 677-1] New sympa packages fix potential arbitrary code execution Martin Schulze (02/11/05)
• [SECURITY] [DSA 676-1] New xpcd packages fix arbitrary code execution as root Martin Schulze (02/11/05)
• Re: Symantec UPX Parsing Engine Heap Overflow James Riden (02/11/05)
• insecure temporary file creation in kdelibs 3.3.2 Davide Madrisan (02/11/05)
• [SECURITY] [DSA 674-2] New mailman packages really fix several vulnerabilities Martin Schulze (02/11/05)
• Remotely Controlling XSS Attacks - Announcing XSS-Proxy Rager, Anton (Anton) (02/11/05)
• MDKSA-2005:036 - Updated MySQL packages fix temporary file vulnerability Mandrakelinux Security Team (02/11/05)
• MDKSA-2005:035 - Updated python packages fix vulnerability Mandrakelinux Security Team (02/11/05)
• MDKSA-2005:034 - Updated squid packages fix multiple vulnerabilities Mandrakelinux Security Team (02/11/05)
• MDKSA-2005:033 - Updated enscript packages fix multiple vulnerabilities Mandrakelinux Security Team (02/11/05)
• MDKSA-2005:032 - Updated cpio packages fix vulnerability Mandrakelinux Security Team (02/11/05)
• [SECURITY] [DSA 678-1] New netkit-rwho packages fix denial of service Martin Schulze (02/11/05)
• TSLSA-2005-0003 - multi Trustix Security Advisor (02/11/05)
• UPDATE: [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability Luke Macken (02/10/05)
• Re:iDEFENSE Security Advisory 02.10.05: IBM AIX ipl_varyon Local Buffer Overflow Vulnerability Shiva Persaud (02/10/05)
• Crashes and socket unreacheable in Armagetron Advanced 0.2.7.0 Luigi Auriemma (02/10/05)
• iDEFENSE Security Advisory 02.09.05: CA BrightStor ARCserve Backup v11 Discovery Service Remote Buffer Overflow iDefense Customer Service (02/10/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Peter J. Holzer (02/10/05)
• RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit Andrew Hunter (02/10/05)
• ASPjar guestbook (Injection in login page) farhad koosha (02/10/05)
• Symantec UPX Parsing Engine Heap Overflow Neil Watson (02/10/05)
• HACKING WITH JAVASCRIPT hictor ertd (02/09/05)
• Re: iDEFENSE Security Advisory 02.10.05: IBM AIX lspath Local File Access Vulnerability Shiva Persaud (02/10/05)
• Re: iDEFENSE Security Advisory 02.10.05: IBM AIX netpmon Local Buffer Overflow Vulnerability Shiva Persaud (02/10/05)
• RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit Color Inc. (02/10/05)
• secure-roster script to address mailman email harvester Neal McBurnett (02/10/05)
• Re: Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow Vulnerability Derek Martin (02/10/05)
• RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit Thor Larholm (02/10/05)
• [USN-79-1] PostgreSQL vulnerabilities Martin Pitt (02/10/05)
• [FLSA-2005:1906] Updated abiword packages fix security issue Dominic Hargreaves (02/10/05)
• [FLSA-2005:1943] Updated libpng resolves security vulnerabilities Dominic Hargreaves (02/10/05)
• [USN-78-1] Mailman vulnerability Martin Pitt (02/09/05)
• [SECURITY] [DSA 675-1] New hztty packages fix local utmp exploit Martin Schulze (02/10/05)
• Re: iDEFENSE Security Advisory 02.08.05: IBM AIX auditselect Local Format String Vulnerability Shiva Persaud (02/09/05)
• Re: iDEFENSE Security Advisory 02.07.05: IBM AIX chdev Local Format String Vulnerability Shiva Persaud (02/09/05)
• [ GLSA 200502-11 ] Mailman: Directory traversal vulnerability Sune Kloppenborg Jeppesen (02/10/05)
• Barracuda Spam Firewall <= 3.1.10 acts as open relay for whitelisted senders. Sean Sosik-Hamor (02/10/05)
• [SECURITY] [DSA 673-1] New evolution packages fix arbitrary code execution as root Martin Schulze (02/10/05)
• Re: International Domain Name [IDN] support in modern browsers al lows attackers to spoof domain name URLs + SSL certs. Marcin Sochacki (02/10/05)
• iDEFENSE Security Advisory 02.10.05: IBM AIX ipl_varyon Local Buffer Overflow Vulnerability iDefense Customer Service (02/10/05)
• iDEFENSE Security Advisory 02.10.05: IBM AIX netpmon Local Buffer Overflow Vulnerability iDefense Customer Service (02/10/05)
• [SECURITY] [DSA 674-1] New mailman packages fix several vulnerabilities Martin Schulze (02/10/05)
• iDEFENSE Security Advisory 02.10.05: IBM AIX lspath Local File Access Vulnerability iDefense Customer Service (02/10/05)
• Re: yet another DSL modem backdoor - Mentor (Conexant) Philip Barnham (02/10/05)
• SUSE Security Announcement: squid (SUSE-SA:2005:006) Thomas Biege (02/10/05)
• [Security Bulletin] SSRT4861 rev.0 - HP-UX BIND9.2.0 remote Denial of Service (DoS) Boren, Rich (SSRT) (02/10/05)
• yet another DSL modem backdoor - Mentor (Conexant) Adam Laurie (02/09/05)
• CMS Core SQL injection foster GHC (02/09/05)
• SQL injection in Chipmunk forums foster GHC (02/09/05)
• Paper: Solution to Red Hat PIE Protection Zarul Shahrin (02/09/05)
• [SECURITY] [DSA 672-1] New xview packages fix potential arbitrary code execution Martin Schulze (02/09/05)
• Re: GMail / Google Groups ESMTP software b0f Heather Adkins (02/09/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Simon Østengaard (02/09/05)
• Patch available for high risk IBM DB2 Universal Database flaw NGSSoftware Insight Security Research (02/09/05)
• RE: International Domain Name [IDN] support in modern browsers al lows attackers to spoof domain name URLs + SSL certs. Randal, Phil (02/09/05)
• CFP for SyScAN'05 organiser_at_syscan.org (02/09/05)
• RE: International Domain Name [IDN] - browser-level fix (not network.enableIDN) R Dicaire (02/09/05)
• Some details about MS05-007 security bulletin Jean-Baptiste Marchand (02/09/05)
• RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit Andrew Hunter (02/09/05)
• [ GLSA 200502-09 ] Python: Arbitrary code execution through SimpleXMLRPCServer Thierry Carrez (02/08/05)
• Mercuryboard <= 1.1.1 Working Sql Injection Zeelock (02/09/05)
• [Security Bulletin] - SSRT4883 HP-UX ftpd remote privileged access Boren, Rich (SSRT) (02/09/05)
• [SIG^2 G-TEC] ArGoSoft Mail Server Webmail Multiple Directory Traversal Vulnerabilities chewkeong_at_security.org.sg (02/09/05)
• Several SQL injection bugs in myPHP Forum v.1.0 foster GHC (02/09/05)
• Internet Explorer zone spoofing with encoded URLs Jouko Pynnonen (02/09/05)
• MDKSA-2005:031 - Updated perl packages fix multiple vulnerabilities Mandrakelinux Security Team (02/09/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Will Kamishlian (02/09/05)
• [ GLSA 200502-10 ] pdftohtml: Vulnerabilities in included Xpdf Matthias Geerdsen (02/09/05)
• MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit ATmaCA ATmaCA (02/09/05)
• Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow Vulnerability Rafel Ivgi (02/09/05)
• GREENAPPLE Release Dave Aitel (02/09/05)
• [SIG^2 G-TEC] 602LAN SUITE Web Mail Vulnerability Allows File Upload to Arbitrary Directories chewkeong_at_security.org.sg (02/08/05)
• [SCL-2005.002] - IDN Feature Workaround via proxy.pac Scovetta, Michael V (02/08/05)
• Integer overflow and arbitrary files deletion in RealArcade 1.2.0.994 Luigi Auriemma (02/08/05)
• EEYE: Windows SMB Client Transaction Response Handling Vulnerability Marc Maiffret (02/09/05)
• SafeNet SoftRemote VPN Client Issue: Clear-text password stored in memory Roy Hills (02/08/05)
• mailman email harvester Bernhard Kuemel (02/07/05)
• [PersianHacker.NET 200502-05] WWWoard passwd Andrew guess (02/08/05)
• [SECURITY] [DSA 671-1] New xemacs21 packages fix arbitrary code execution Martin Schulze (02/08/05)
• iDEFENSE Security Advisory 02.08.05: IBM AIX auditselect Local Format String Vulnerability iDefense Customer Service (02/08/05)
• [SECURITY] [DSA 670-1] New emacs20 packages fix arbitrary code execution Martin Schulze (02/08/05)
• OpenServer 5.0.6 OpenServer 5.0.7 : enable command line buffer overflows please_reply_to_security_at_sco.com (02/08/05)
• Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Jerome ATHIAS (02/08/05)
• CORE-2004-0819: MSN Messenger PNG Image Parsing Vulnerability CORE Security Technologies Advisories (02/08/05)
• UnixWare 7.1.4 : vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands please_reply_to_security_at_sco.com (02/08/05)
• RE: International Domain Name [IDN] - browser-level fix (not network.enableIDN) Scovetta, Michael V (02/08/05)
• php-fusion 4.x vuln thegreatone2176_at_yahoo.com (02/08/05)
• iDEFENSE Security Advisory 02.07.05: IBM AIX chdev Local Format String Vulnerability iDefense Customer Service (02/08/05)
• AppleFileServer Denial of Service. nemo_at_felinemenace.org (02/08/05)
• CodeCon Reminder Len Sassaman (02/07/05)
• International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Brandon Kovacs (02/08/05)
• UnixWare 7.1.4 : racoon multilple security issues please_reply_to_security_at_sco.com (02/07/05)
• GMail / Google Groups ESMTP software b0f Michal Zalewski (02/07/05)
• [SePro Bugtraq] SQL-Injection in PerlDesk 1.x deluxe_at_security-project.org (02/07/05)
• Firetabbing [Firefox 1.0] mikx (02/07/05)
• Fireflashing [Firefox 1.0] mikx (02/07/05)
• Firedragging [Firefox 1.0] mikx (02/07/05)
• OpenServer 5.0.6 OpenServer 5.0.7 : Vulnerabilities in long-lived TCP connections / Rose attack please_reply_to_security_at_sco.com (02/07/05)
• UnixWare 7.1.3 UnixWare 7.1.1 : Vulnerabilities in long-lived TCP connections / Rose attack please_reply_to_security_at_sco.com (02/07/05)
• [ GLSA 200502-08 ] PostgreSQL: Local privilege escalation Luke Macken (02/07/05)
• [Security Bulletin] HP Tru64 Unix Mozilla Application Suite 1.7.3 Remote Denial of Service (DoS) Boren, Rich (SSRT) (02/07/05)
• iDEFENSE Security Advisory 02.07.05: SquirrelMail S/MIME Plugin Command Injection Vulnerability iDefense Customer Service (02/07/05)
• [ GLSA 200502-06 ] LessTif: Multiple vulnerabilities in libXpm Thierry Carrez (02/06/05)
• Re: [Contact] Motorola broadband appliance team? Grzegorz Cegielski (02/07/05)
• [USN-77-1] Squid vulnerabilities Martin Pitt (02/07/05)
• [ GLSA 200502-07 ] OpenMotif: Multiple vulnerabilities in libXpm Thierry Carrez (02/07/05)
• [USN-76-1] Emacs vulnerability Martin Pitt (02/07/05)
• DMA[2005-0131b] - 'Setuid Perl PERLIO_DEBUG buffer overflow' KF (lists) (02/07/05)
• Vulnerability in 3Com 3CServer v1.1 mandragore (02/07/05)
• DMA[2005-0131a] - 'Setuid Perl PERLIO_DEBUG root owned file creation' KF (lists) (02/07/05)
• [OSX Finder] DS_Store arbitrary file overwrite vulnerability. Vade 79 (02/07/05)
• New version of ike-scan (IPsec IKE scanner) available - v1.7 Roy Hills (02/07/05)
• VOIPSEC VoIP Security Aliance (02/07/05)
• XSS Vulnerability at thefacebook.com Jonathan Rockway (02/07/05)
• [SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities Martin Schulze (02/07/05)
• Re: [USN-74-1] Postfix vulnerability Wietse Venema (02/05/05)
• [USN-75-1] cpio vulnerability Martin Pitt (02/04/05)
• [USN-74-1] Postfix vulnerability Martin Pitt (02/04/05)
• [PersianHacker.NET 200502-05] WWWoard passwd Pedram Hayati (02/05/05)
• directory traversal in RaidenHTTPD 1.1.27 Donato Ferrante (02/05/05)
• Foxmail Server Remote Buffer Overflow Vulnerability Xin Ouyang (02/05/05)
• [USN-74-2] Fixed Postfix packages for USN-74-1 Martin Pitt (02/04/05)
• Re: Wireless networks/Default Admin username security problem in Croatia Denis Jedig (02/05/05)
• Re: Input Validation Vulnerability in Apple Safari version 1.2.4 v125.12 Nicolas Gregoire (02/05/05)
• Webroot Software Resigns from COAST Paul Laudanski (02/05/05)
• [SECURITY] [DSA 667-1] New squid packages fix several vulnerabilities Martin Schulze (02/04/05)
• Re: Squirrelmail vacation v0.15 local root exploit p dont think (02/04/05)
• Re: [ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4 Denis Jedig (02/04/05)
• [SECURITY] [DSA 667-1] New PostgreSQL packages fix arbitrary library loading Martin Schulze (02/04/05)
• Input Validation Vulnerability in Apple Safari version 1.2.4 v125.12 Jonathan Rockway (02/04/05)
• Wireless networks/Default Admin username security problem in Croatia Radoslav Dejanoviæ (02/04/05)
• Exploit For Savant Web Server 3.1 (tested on win2003) CorryL (02/04/05)
• [SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access Martin Schulze (02/04/05)
• Re: [Linux kernel ipv6_setsockopt integer overflow] Dan Yefimov (02/03/05)
• [ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4 laurent oudot (02/03/05)
• [USN-73-1] Python vulnerability Martin Pitt (02/03/05)
• [Linux kernel ipv6_setsockopt integer overflow] qobaiashi (02/03/05)
• DoS in LANChat Pro Revival 1.666c Donato Ferrante (02/03/05)
• Python Security Advisory PSF-2005-001 - SimpleXMLRPCServer.py Guido van Rossum (02/03/05)
• ngIRCd <= v0.8.2 Format String Vulnerability CoKi (02/03/05)
• RE: SECURITEY.NNOV.RU NewsPost buffer overflow [EXPLOIT] cybertronic_at_gmx.net (02/03/05)
• RE: Google getting smarter ?!?! Scott Jacobson (02/03/05)
• New presentation: Advanced SQL Injection in Oracle databases Esteban Martínez Fayó (02/03/05)
• MDKSA-2005:029 - Updated vim packages fix vulnerabilities Mandrakelinux Security Team (02/03/05)
• [ GLSA 200502-05 ] Newspost: Buffer overflow vulnerability Luke Macken (02/03/05)
• SV: Zyxel / Netgear and probably other routers leaking information. Jens Kalvik (02/01/05)
• [ GLSA 200502-04 ] Squid: Multiple vulnerabilities Sune Kloppenborg Jeppesen (02/02/05)
• Google getting smarter ?!?! John Madden (02/02/05)
• Re[2]: WinAmp POC: How to get 900+ shellcodespace!? Viktor E Larionov (02/02/05)
• Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues exon (02/02/05)
• Portcullis Advisory 05-009 Update, Webseries Payment Application Paul J Docherty (02/02/05)
• Windows Security Checklists - 10 Parts Paul Laudanski (02/01/05)
• Re: [Full-Disclosure] [ GLSA 200501-40 ] ngIRCd: Buffer overflow qobaiashi (02/02/05)
• Gallery is still vulnerable to Cross-site Scripting attacks Jon Keating (02/02/05)
• Portcullis Advisory 05-007 Update, Webseries Payment Application Paul J Docherty (02/02/05)
• Portcullis Advisory 05-006 Update, Webseries Payment Application Paul J Docherty (02/02/05)
• Portcullis Advisory 05-001 Update, Webseries Payment Application Paul J Docherty (02/02/05)
• Portcullis Advisory 05-005 Update, Webseries Payment Application Paul J Docherty (02/02/05)
• [FLSA-2005:2187] Updated freeradius packages fix security flaws Marc Deslauriers (02/02/05)
• 7a69Adv#21 - WinRAR unpack one-folder path disclosure Albert Puigsech Galicia (02/02/05)
• 7a69Adv#20 - ZipGenius unpack one-folder path disclosure Albert Puigsech Galicia (02/02/05)
• [ GLSA 200502-02 ] UW IMAP: CRAM-MD5 authentication bypass Sune Kloppenborg Jeppesen (02/02/05)
• [FLSA-2005:2272] Updated unarj package fixes security issue Marc Deslauriers (02/02/05)
• [FLSA-2005:2255] Updated zip package fixes security issue Marc Deslauriers (02/02/05)
• [ GLSA 200502-03 ] enscript: Multiple vulnerabilities Thierry Carrez (02/02/05)
• [USN-72-1] Perl vulnerabilities Martin Pitt (02/02/05)
• Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues Trog (02/02/05)
• Limited buffer-overflow in Painkiller 1.35 Luigi Auriemma (02/02/05)
• MDKSA-2005:027 - Updated chbg packages fix vulnerability Mandrakelinux Security Team (02/02/05)
• Portcullis Advisory 05-008 Update, Webseries Payment Application Paul J Docherty (02/02/05)
• SQL injection in EveryDNS.net Service Calum Power (02/02/05)
• MDKSA-2005:026 - Updated imap packages fix authentication vulnerability Mandrakelinux Security Team (02/02/05)
• [SIG^2 G-TEC] DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities chewkeong_at_security.org.sg (02/02/05)
• MDKSA-2005:028 - Updated ncpfs packages fix vulnerabilities Mandrakelinux Security Team (02/02/05)
• Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues Darren Bounds (02/02/05)
• [SECURITY] [DSA 664-1] New cpio packages fix insecure file permissions Martin Schulze (02/02/05)
• Re:WinAmp POC: How to get 900+ shellcodespace!? lists_at_bluemail.ch (02/02/05)
• Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues Dack (02/01/05)
• Re: [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues Trog (02/01/05)
• [ GLSA 200502-01 ] FireHOL: Insecure temporary file creation Matthias Geerdsen (02/01/05)
• [SECURITY] [DSA 662-1] New squirrelmail package fixes several vulnerabilities Martin Schulze (02/01/05)
• [SECURITY] [DSA 663-1] New prozilla packages fix arbitrary code execution Martin Schulze (02/01/05)
• [USN-71-1] PostgreSQL vulnerability Martin Pitt (02/01/05)
• [ Security Bulletin] SSRT5900 rev.0 HP-UX TGA daemon remote Denial of Service (DoS) Boren, Rich (SSRT) (02/01/05)
• SAME LADY, DIFFERENT HAT: REELY http-equiv_at_excite.com  (02/01/05)
• [ GLSA 200501-46 ] ClamAV: Multiple issues Sune Kloppenborg Jeppesen (01/31/05)

Last message date: 02/28/05
Archived on: 02/28/05 CET

---

544 messages sorted by: [ author ] [ thread ] [ subject ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2005-02