SecurityFocus Bugtraq
By Subject

358 messages sorted by: [ author ] [ date ] [ thread ] [ attachment ]

---

Starting: 09/01/05
Ending: 09/30/05

• "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein
  • Sergey V. Gordeychik (09/30/05)
  • Amit Klein (AKsecurity) (09/28/05)
  • Yutaka OIWA (09/27/05)
  • anonymous_at_anonymous.com (09/27/05)
  • Amit Klein (AKsecurity) (09/24/05)
• (Annex A) ADSL Road Runner Exploit Description & Theory
  • gp32boy_at_hotmail.com (09/02/05)
• (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine
  • Piotr Bania (09/09/05)
• (TOOL) TAPiON ver 0.1c
  • Piotr Bania (09/16/05)
• 404 error XSS
  • Josh Zlatin-Amishav (09/14/05)
• @System Security Conference
  • Giorgio Zoppi (09/18/05)
• [ GLSA 200509-01 ] MPlayer: Heap overflow in ad_pcm.c
  • Thierry Carrez (09/01/05)
• [ GLSA 200509-02 ] Gnumeric: Heap overflow in the included PCRE library
  • Thierry Carrez (09/03/05)
• [ GLSA 200509-03 ] OpenTTD: Format string vulnerabilities
  • Stefan Cornelius (09/05/05)
• [ GLSA 200509-04 ] phpLDAPadmin: Authentication bypass
  • Thierry Carrez (09/06/05)
• [ GLSA 200509-05 ] Net-SNMP: Insecure RPATH
  • Thierry Carrez (09/06/05)
• [ GLSA 200509-06 ] Squid: Denial of Service vulnerabilities
  • Sune Kloppenborg Jeppesen (09/07/05)
• [ GLSA 200509-07 ] X.Org: Heap overflow in pixmap allocation
  • Thierry Carrez (09/12/05)
• [ GLSA 200509-08 ] Python: Heap overflow in the included PCRE library
  • Thierry Carrez (09/12/05)
• [ GLSA 200509-09 ] Py2Play: Remote execution of arbitrary Python code
  • Thierry Carrez (09/17/05)
• [ GLSA 200509-10 ] Mailutils: Format string vulnerability in imap4d
  • Thierry Carrez (09/17/05)
• [ GLSA 200509-11 ] Mozilla Suite, Mozilla Firefox: Buffer overflow
  • Thierry Carrez (09/18/05)
• [ GLSA 200509-12 ] Apache, mod_ssl: Multiple vulnerabilities
  • Thierry Carrez (09/19/05)
• [ GLSA 200509-13 ] Clam AntiVirus: Multiple vulnerabilities
  • Thierry Carrez (09/19/05)
• [ GLSA 200509-14 ] Zebedee: Denial of Service vulnerability
  • Thierry Carrez (09/20/05)
• [ GLSA 200509-15 ] util-linux: umount command validation error
  • Thierry Carrez (09/20/05)
• [ GLSA 200509-16 ] Mantis: XSS and SQL injection vulnerabilities
  • Thierry Carrez (09/24/05)
• [ GLSA 200509-17 ] Webmin, Usermin: Remote code execution through PAM authentication
  • Thierry Carrez (09/24/05)
• [ GLSA 200509-18 ] Qt: Buffer overflow in the included zlib library
  • Sune Kloppenborg Jeppesen (09/26/05)
• [ GLSA 200509-19 ] PHP: Vulnerabilities in included PCRE and XML-RPC libraries
  • Thierry Carrez (09/27/05)
• [ GLSA 200509-21 ] Hylafax: Insecure temporary file creation in xferfaxstats script
  • Thierry Carrez (09/30/05)
• [ Suresec Advisories ] - Kcheckpass file creation vulnerability
  • Suresec Advisories (09/07/05)
• [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.7
  • bugtraq_at_morph3us.org (09/20/05)
• [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.8/9
  • bugtraq_at_morph3us.org (09/18/05)
• [FLSA-2005:152919] Updated grip package fixes security issue
  • Marc Deslauriers (09/16/05)
• [FLSA-2005:160202] Updated mozilla packages fix security issues
  • Marc Deslauriers (09/15/05)
• [FLSA-2005:162680] Updated Zlib packagea fix security issues
  • Marc Deslauriers (09/15/05)
• [FLSA-2005:163047] Updated squirrelmail package fixes security issues
  • Marc Deslauriers (09/15/05)
• [FLSA-2005:163274] Updated CUPS packages fix security issue
  • Marc Deslauriers (09/15/05)
• [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine
  • Alejandro Barrera (09/09/05)
  • Piotr Bania (09/09/05)
  • Alejandro Barrera (09/09/05)
• [Full-disclosure] [scip_Advisory 1746] Microsoft Internet Explorer 6.0 embedded content cross site scripting
  • Brion Vibber (09/22/05)
• [Full-disclosure] Cisco IOS hacked?
  • Andrei Mikhailovsky (09/19/05)
• [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox
  • milw0rm Inc. (09/16/05)
  • Juha-Matti Laurio (09/16/05)
• [Full-disclosure] FireFox Host: Buffer Overflow is not justexploitable on FireFox
  • Juha-Matti Laurio (09/16/05)
  • Peter Kruse (09/14/05)
• [Full-disclosure] killbits? should have named them kibbles and bits
  • Ill will (09/19/05)
• [Full-disclosure] Microsoft Windows keybd_event validation vulnerability
  • Jerome Athias (09/06/05)
• [Full-disclosure] Mozilla / Mozilla Firefox authentication weakness
  • Daniel Veditz (09/14/05)
  • Juha-Matti Laurio (09/15/05)
• [ISR] - Novell GroupWise Client Integer Overflow
  • Crist J. Clark (09/27/05)
  • Francisco Amato (09/27/05)
• [KDE Security Advisory] kcheckpass local root vulnerability
  • Dirk Mueller (09/05/05)
• [NewAngels Advisory #5] Stylemotion WEB//NEWS 1.4 Vulnerabilities
  • r.verton_at_gmail.com (09/07/05)
• [NewAngels Advisory] aMember Pro 2.3.X - Remote File Include Vulnerability
  • 4Degrees_at_46and2.com (09/05/05)
• [NOBYTES.COM: #11] MidiCart ASP Shopping Cart, Evaluation Version 7 & Standard & Pro - Multiple Vulnerabilities
  • exoduks_at_securityfocus.com, (09/07/05)
  • John Cobb (09/03/05)
• [OpenPKG-SA-2005.017] OpenPKG Security Advisory (modssl)
  • OpenPKG (09/02/05)
• [OpenPKG-SA-2005.018] OpenPKG Security Advisory (pcre)
  • OpenPKG (09/05/05)
• [OpenPKG-SA-2005.019] OpenPKG Security Advisory (openssh)
  • OpenPKG (09/06/05)
• [OpenPKG-SA-2005.020] OpenPKG Security Advisory (proftpd)
  • OpenPKG (09/06/05)
• [OpenPKG-SA-2005.021] OpenPKG Security Advisory (squid)
  • OpenPKG (09/10/05)
• [scip_Advisory 1746] Microsoft Internet Explorer 6.0 embedded content cross site scripting
  • Marc Ruef (09/22/05)
• [security bulletin] SSRT051005 rev.1 - HP ProLiant DL585 Servers Unauthorized Remote Access
  • Boren, Rich (HP SSRT) (09/01/05)
• [security bulletin] SSRT051023 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access
  • security-alert_at_hp.com (09/05/05)
• [security bulletin] SSRT5971 rev.0 - HP Tru64 Unix FTP Daemon (ftpd) Remote Denial of Service (DoS)
  • security-alert_at_hp.com (09/20/05)
• [security bulletin] SSRT5988 rev.1 - HP Tru64 Unix libXpm Remote Denial of Service (DoS) or Execute Privileged Code
  • security-alert_at_hp.com (09/21/05)
• [security bulletin] SSRT5998 Rev.2 HP System Management Homepage (v2.0.x) Denial of Service (DoS) and XSS
  • security-alert_at_hp.com (09/22/05)
• [security bulletin] SSRT5999 rev.0 HP OpenVMS Secure Web Browser Mozilla Application Node Spoofing
  • security-alert_at_hp.com (09/20/05)
• [SECURITY] [DSA 779-2] New Mozilla Firefox packages fix several vulnerabilities
  • Martin Schulze (09/01/05)
• [SECURITY] [DSA 793-1] New sqwebmail packages fix cross-site scripting
  • Martin Schulze (09/01/05)
• [SECURITY] [DSA 794-1] New polygen packages fix denial of service
  • Martin Schulze (09/01/05)
• [SECURITY] [DSA 795-2] Updated i386 proftpd packages fix format string vulnerability
  • Michael Stone (09/03/05)
• [SECURITY] [DSA 797-2] Updated zsync i386 packages fix build error
  • Michael Stone (09/29/05)
• [SECURITY] [DSA 798-1] New phproupware packages fix several vulnerabilities
  • Martin Schulze (09/02/05)
• [SECURITY] [DSA 799-1] New webcalendar packages fix remote code execution
  • Michael Stone (09/02/05)
• [SECURITY] [DSA 800-1] New pcre3 packages fix arbitrary code execution
  • Martin Schulze (09/02/05)
• [SECURITY] [DSA 801-1] New ntp packages fix group id confusion
  • Martin Schulze (09/05/05)
• [SECURITY] [DSA 802-1] New cvs packages fix insecure temporary files
  • Martin Schulze (09/07/05)
• [SECURITY] [DSA 803-1] New Apache packages fix HTTP request smuggling
  • Martin Schulze (09/08/05)
• [SECURITY] [DSA 804-1] New kdelibs packages fix backup file information leak
  • Martin Schulze (09/08/05)
• [SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
  • Martin Schulze (09/08/05)
• [SECURITY] [DSA 806-1] New cvs packages fix insecure temporary files
  • Martin Schulze (09/09/05)
• [SECURITY] [DSA 807-1] New mod_ssl packages fix acl restriction bypass
  • Martin Schulze (09/12/05)
• [SECURITY] [DSA 808-1] New tdiary packages fix Cross Site Request Forgery
  • Martin Schulze (09/12/05)
• [SECURITY] [DSA 809-1] New squid packages fix several vulnerabilities
  • Martin Schulze (09/13/05)
• [SECURITY] [DSA 810-1] New Mozilla packages fix several vulnerabilities
  • Martin Schulze (09/13/05)
• [SECURITY] [DSA 811-1] New common-lisp-controller packages fix arbitrary code injection
  • Martin Schulze (09/14/05)
• [SECURITY] [DSA 812-1] New turqstat packages fix buffer overflow
  • Martin Schulze (09/15/05)
• [SECURITY] [DSA 813-1] New centericq packages fix several vulnerabilities
  • Martin Schulze (09/15/05)
• [SECURITY] [DSA 814-1] New lm-sensors packages fix insecure temporary file
  • Martin Schulze (09/15/05)
• [SECURITY] [DSA 815-1] New kdebase packages fix local root vulnerability
  • Martin Schulze (09/16/05)
• [SECURITY] [DSA 817-1] New python2.2 packages fix arbitrary code execution
  • joey_at_infodrom.org (09/22/05)
  • Martin Schulze (09/22/05)
• [SECURITY] [DSA 818-1] New kdeedu packages fix insecure temporary files
  • Martin Schulze (09/22/05)
• [SECURITY] [DSA 819-1] New python2.1 packages fix arbitrary code execution
  • Martin Schulze (09/23/05)
• [SECURITY] [DSA 820-1] New courier packages fix cross-site scripting
  • Martin Schulze (09/24/05)
• [SECURITY] [DSA 821-1] New python2.3 packages fix arbitrary code execution
  • Martin Schulze (09/28/05)
• [SECURITY] [DSA 822-1] New gtkdiskfree packages fix insecure temporary file
  • Martin Schulze (09/29/05)
• [SECURITY] [DSA 823-1] New util-linux packages fix privilege escalation
  • Martin Schulze (09/29/05)
• [SECURITY] [DSA 824-1] New ClamAV packages fix denial of service
  • Martin Schulze (09/29/05)
• [SECURITY] [DSA 825-1] New loop-aes-utils packages fix privilege escalation
  • Martin Schulze (09/29/05)
• [SECURITY] [DSA 826-1] New helix-player packages fix multiple vulnerabilities
  • Michael Stone (09/30/05)
• [SECURITY] [DSA 830-1] New ntlmaps packages fix information leak
  • Martin Schulze (09/30/05)
• [SECURITY] [DSA 831-1] New mysql-dfsg packages fix arbitrary code execution
  • Martin Schulze (09/30/05)
• [SECURITY] [DSA 832-1] New gopher packages fix several buffer overflows
  • Martin Schulze (09/30/05)
• [SecuriWeb.2005.1] - Barracuda SPAM firewall advisory
  • Francois Harvey (09/01/05)
• [Snort-users] Snort DoS Fallacies
  • Ferguson, Justin (IARC) (09/14/05)
  • Steven Sturges (09/14/05)
  • Martin Roesch (09/13/05)
• [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability
  • snsadv (09/21/05)
• [USN-145-2] wget bug fix
  • Martin Pitt (09/06/05)
• [USN-173-4] PCRE vulnerabilities
  • Martin Pitt (08/31/05)
• [USN-176-1] kcheckpass vulnerability
  • Martin Pitt (09/07/05)
• [USN-177-1] Apache 2 vulnerabilities
  • Martin Pitt (09/07/05)
• [USN-178-1] Linux kernel vulnerabilities
  • Martin Pitt (09/09/05)
• [USN-179-1] openssl weak default configuration
  • Martin Pitt (09/09/05)
• [USN-181-1] Mozilla products vulnerability
  • Martin Pitt (09/12/05)
• [USN-184-1] umount vulnerability
  • Martin Pitt (09/19/05)
• [USN-185-1] CUPS vulnerability
  • Martin Pitt (09/20/05)
• [USN-186-1] Mozilla and Firefox vulnerabilities
  • Martin Pitt (09/23/05)
• [USN-186-2] Ubuntu 4.10 packages for USN-186-1 Firefox security update
  • Martin Pitt (09/25/05)
• [USN-187-1] Linux kernel vulnerabilities
  • Martin Pitt (09/25/05)
• [USN-188-1] AbiWord vulnerability
  • Martin Pitt (09/29/05)
• [USN-189-1] cpio vulnerabilities
  • Martin Pitt (09/29/05)
• [USN-190-1] SNMP vulnerability
  • Martin Pitt (09/29/05)
• [USN-191-1] unzip vulnerability
  • Martin Pitt (09/29/05)
• [USN-192-1] Squid vulnerability
  • Martin Pitt (09/30/05)
• [USN-83-2] LessTif 1 vulnerabilities
  • Martin Pitt (09/12/05)
• Adobe Version Cue exploits.
  • v9 (09/01/05)
• Airscanner Mobile Security Advisory #05081101: vxWeb v.1.1.4 Denial of Service Vulnerability
  • contact_at_airscanner.com (09/15/05)
• Airscanner Mobile Security Advisory #05081102: vxFtpSrv 0.9.7 Remote Code Execution Buffer Overflow Vulnerability
  • contact_at_airscanner.com (09/15/05)
• Airscanner Mobile Security Advisory #05081203: vxTftpSrv 1.7.0 Remote Code Execution Buffer Overflow Vulnerability
  • contact_at_airscanner.com (09/15/05)
• Airscanner Mobile Security Advisory #05082201: File Transfer Anywhere v3.01 Local Server Password Disclosure
  • 3APA3A (09/16/05)
  • contact_at_airscanner.com (09/14/05)
• AlstraSoft E-Friends Remote Command Exucetion
  • khc_at_bsdmail.org (09/24/05)
• Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability
  • h4cky0u_at_gmail.com (09/18/05)
  • h4cky0u_at_gmail.com (09/19/05)
• Announce: Bluetooth mailing list - Bluetraq
  • Adam Laurie (09/30/05)
• Announce: RSBAC v1.2.5 released
  • Amon Ott (09/27/05)
• Anti Arp Poisoning Daemon (OpenAAPD) PS: Link corrected
  • Andrea Di Pasquale (09/14/05)
• anti Windows XP SP2 firewall trick
  • Ansgar -59cobalt- Wiechers (09/08/05)
  • crusoe_at_alexandria.cc (09/07/05)
• Antigen 8.0 for Exchange/SMTP Rule Vulnerability
  • Alan Monaghan (09/19/05)
• apachetop insecure temporary file creation
  • ZATAZ Audits (09/30/05)
• arc insecure temporary file creation
  • ZATAZ Audits (09/16/05)
• Ariba password exposure vulnerability
  • Craig Kennedy (09/01/05)
  • gerald626_at_gmail.com (08/31/05)
• Ariba Spend Management System
  • gerald626_at_gmail.com (09/01/05)
• ATutor 1.5.1 SQL Injection / Admin credentials disclosure / remote code execution
  • retrogod_at_aliceposta.it (09/14/05)
• AV == parasites? (was: PocketPC exploitation)
  • Michael Shigorin (09/29/05)
• Avocent CCM: Port Access Control Bypass Vulnerability
  • spam_at_drwetter.org (09/15/05)
• AWstats Path Disclosure Vulnerability
  • Martin Pitt (09/15/05)
  • cwh01_at_www78.dixiesys.com (09/15/05)
  • Fournaux (09/15/05)
• AzDGDatingLite V 2.1.3 remote code execution
  • retrogod_at_aliceposta.it (09/13/05)
• bacula insecure temporary file creation
  • Eric Romang / ZATAZ.com (09/20/05)
• Buffer-overflow and directory traversal bugs in Virtools Web Player 3.0.0.100
  • Luigi Auriemma (09/30/05)
• Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC
  • Paul Laudanski (09/29/05)
  • warl0ck_at_linuxmail.org (09/29/05)
  • Debasis Mohanty (09/28/05)
• CastleCops ramps up fight against CoolWebSearch/HomeSearch
  • Times Enemy (09/15/05)
  • Paul Laudanski (09/16/05)
  • Paul Laudanski (09/14/05)
• CDMA1X Security
  • pen-test_at_securityfocus.com (09/16/05)
• Character Manipulation in Online Systems.
  • hackology_at_gmail.com (09/15/05)
• Cisco IOS hacked?
  • ciscoioshehehe (09/19/05)
• Cisco Security Advisory: Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow
  • Cisco Systems Product Security Incident Response Team (09/07/05)
• Citrix Metaframe Presentation Server bypassing policies
  • gustavog_at_grupoitpro.com.ar (09/30/05)
• Cj Desing Three Aplications One Bug
  • psymera_at_hotmail.com (09/08/05)
• class-1 Forum Software v 0.24.4 Remote code execution
  • retrogod_at_aliceposta.it (09/08/05)
• CMS Made Simple 0.10 is susceptible to a cross site scripting attack.
  • X1ngBox_at_securityfocus.com (09/26/05)
• CMS Made Simple <= 0.10 - PHP injection
  • garaged (09/06/05)
• CodePimps e-zine #0x07 was released
  • codepimps_at_boiteam.net (09/02/05)
• CuteNews 1.4.0 remote code execution
  • retrogod_at_aliceposta.it (09/17/05)
  • retrogod_at_aliceposta.it (09/17/05)
• CYBSEC - Multiple Vendor Web Vulnerability Scanner Arbitrary Script Injection Vulnerability
  • Mariano Nuņez Di Croce (09/01/05)
• Debian Security Host Bandwidth Saturation
  • Martin Schulze (09/20/05)
• Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution
  • retrogod_at_aliceposta.it (09/15/05)
• DriverStudio Remote Control Authentication Bypass Vulnerability
  • cocoruder_at_163.com (09/15/05)
• Dumb Question
  • Sean Warnock (09/19/05)
• ElseNot project
  • layne_at_elsenot.com (09/26/05)
• ERRATA: [ GLSA 200507-20 ] Shorewall: Security policy bypass
  • Thierry Carrez (09/17/05)
• FF IDN buffer overflow workaround works in Netscape too
  • Juha-Matti Laurio (09/16/05)
• File aribitary read access in frox
  • un4m31_at_gmail.com (09/01/05)
• FileZilla weakly-encrypted password vulnerability
  • Luigi Auriemma (09/04/05)
• FileZilla weakly-encrypted password vulnerability: advisory + PoC
  • Mark Senior (09/07/05)
  • MacIntyre, Lawrence Paul (09/07/05)
  • medhead_at_flagmandesign.com (09/04/05)
  • Nicholas Knight (09/04/05)
  • Nick Boyce (09/05/05)
  • m123303_at_securityfocus.com, (09/02/05)
• FireFox exploit updated
  • Berend-Jan Wever (09/22/05)
• FL Studio 5 (.flp file processing) Heap Overflow
  • varunuppal_at_linuxmail.org (09/26/05)
• FreeBSD GNU Mailutils 0.6 imap4d exploit
  • angelo_at_rosiello.org (09/26/05)
• FreeBSD Security Advisory FreeBSD-SA-05:20.cvsbug
  • FreeBSD Security Advisories (09/07/05)
• FreeBSD Security Advisory FreeBSD-SA-05:20.cvsbug [REVISED]
  • FreeBSD Security Advisories (09/09/05)
• Greyhats Security back online
  • pvnick_at_gmail.com (09/16/05)
• gtkdiskfree insecure temporary file creation
  • ZATAZ Audits (09/15/05)
• gwcc insecure temporary file creation
  • ZATAZ Audits (09/16/05)
• Hack Dot AE v2
  • SpyHat_at_SpyHat.com (09/22/05)
• Hesk Session ID Validation Vulnerability
  • os2a.bto_at_gmail.com (09/20/05)
• Hijacking Bluetooth Headsets for Fun and Profit?
  • KF (lists) (09/23/05)
• HTTP Request Smuggling - ERRATA (the IIS 48K buffer phenomenon)
  • Amit Klein (AKsecurity) (09/22/05)
• I have discovered small xss error in open webmail 2.41
  • s3cure_at_poczta.fm (09/03/05)
• iDEFENSE Security Advisory 09.01.05: 3Com Network Supervisor Directory Traversal Vulnerability
  • iDEFENSE Labs (09/01/05)
• iDEFENSE Security Advisory 09.01.05: Novell NetMail IMAPD Command Continuation Request Heap Overflow
  • iDEFENSE Labs (09/01/05)
• iDEFENSE Security Advisory 09.09.05: GNU Mailutils 0.6 imap4d 'search' Format String Vulnerability
  • iDEFENSE Labs (09/09/05)
• iDEFENSE Security Advisory 09.13.05: Linksys WRT54G 'restore.cgi' Configuration Modification Design Error Vulnerability
  • iDEFENSE Labs (09/13/05)
• iDEFENSE Security Advisory 09.13.05: Linksys WRT54G 'upgrade.cgi' Firmware Upload Design Error Vulnerability
  • iDEFENSE Labs (09/13/05)
• iDEFENSE Security Advisory 09.13.05: Linksys WRT54G Management Interface DoS Vulnerability
  • iDEFENSE Labs (09/13/05)
• iDEFENSE Security Advisory 09.13.05: Linksys WRT54G Router Remote Administration apply.cgi Buffer Overflow Vulnerability
  • iDEFENSE Labs (09/13/05)
• iDEFENSE Security Advisory 09.13.05: Linksys WRT54G Router Remote Administration Fixed Encryption Key Vulnerability
  • iDEFENSE Labs (09/13/05)
• iDEFENSE Security Advisory 09.30.05: RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability
  • iDEFENSE Labs (09/30/05)
• IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV
  • inge.henriksen_at_booleansoft.com (09/04/05)
• IOS exploit]
  • martin_at_kusala.net (09/22/05)
  • Gadi Evron (09/19/05)
• Is netcraft publishing URL of your intranet sites?
  • Saqib Ali (09/15/05)
• Is the Bottom Line Impacted by Security Breaches?
  • Kenneth F. Belva (09/28/05)
• KillProcess 2.20 and priors "FileDescription" Local Buffer Overflow Issue
  • fRoGGz_at_securityfocus.com (09/09/05)
  • fRoGGz_at_securityfocus.com (09/09/05)
• Land Down Under 'events.php' Cross Site Scripting Vulnerability
  • conor.e.buckley_at_gmail.com (09/05/05)
• Lucid CMS 1.0.11 SQL Injection / Login Bypass / remote code execution
  • retrogod_at_aliceposta.it (09/29/05)
• lucidCMS 1.0.11 is susceptible to a cross site scripting attack
  • x1ngbox_at_securityfocus.com (09/27/05)
• MailGust 1.9 SQL Injection
  • retrogod_at_aliceposta.it (09/24/05)
• Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities
  • Joxean Guay del Paraguay (09/26/05)
• MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution / cross site scripting / path disclosure
  • retrogod_at_aliceposta.it (09/06/05)
• MDKSA-2005:138-1 - Updated cups packages fix vulnerability
  • Mandriva Security Team (09/20/05)
• MDKSA-2005:156 - Updated ntp packages fix small security-related issue.
  • Mandriva Security Team (09/07/05)
• MDKSA-2005:157 - Updated smb4k packages fix vulnerabilities
  • Mandriva Security Team (09/07/05)
• MDKSA-2005:158 - Updated mplayer packages fix vulnerabilities
  • Mandriva Security Team (09/07/05)
• MDKSA-2005:159 - Updated kdeedu packages fix tempfile vulnerability
  • Mandriva Security Team (09/07/05)
• MDKSA-2005:160 - Updated kdebase packages fix potential local root vulnerability
  • Mandriva Security Team (09/07/05)
• MDKSA-2005:161 - Updated apache2 packages to address multiple vulnerabilities
  • Mandriva Security Team (09/08/05)
• MDKSA-2005:162 - Updated squid packages fix vulnerabilities
  • Mandriva Security Team (09/13/05)
• MDKSA-2005:163 - Updated MySQL packages fix vulnerability
  • Mandriva Security Team (09/13/05)
• MDKSA-2005:164 - Updated XFree86/x.org packages fix vulnerability
  • Mandriva Security Team (09/14/05)
• MDKSA-2005:165 - Updated cups packages fix vulnerability
  • Mandriva Security Team (09/20/05)
• MDKSA-2005:166 - Updated clamv packages fix vulnerabilities
  • Mandriva Security Team (09/21/05)
• MDKSA-2005:167 - Updated util-linux packages fix umount vulnerability
  • Mandriva Security Team (09/21/05)
• MDKSA-2005:168 - Updated masqmail packages fix vulnerabilities
  • Mandriva Security Team (09/21/05)
• MDKSA-2005:169 - Updated mozilla-firefox packages fix multiple vulnerabilities
  • Mandriva Security Team (09/27/05)
• MDKSA-2005:170 - Updated mozilla packages fix multiple vulnerabilities
  • Mandriva Security Team (09/27/05)
• mercury imap4 remote BOF exploit ( IHSTeam )
  • c0d3r_at_ihsteam.com (09/20/05)
• Microsoft Windows keybd_event validation vulnerability
  • galacticjello_at_eforu.com (09/07/05)
  • Ansgar -59cobalt- Wiechers (09/07/05)
  • Frederic Charpentier (09/06/05)
• Mozilla / Mozilla Firefox authentication weakness
  • 3APA3A (09/14/05)
• Multiple vulnerabilities in FreeBSD 'urban'
  • Shaun Colley (09/04/05)
• Multiple vulnerabilities in Merak Mail Server 8.2.4r with Icewarp Web Mail 5.5.1
  • ss_contacts_at_hotmail.com (09/30/05)
• My Little Forum 1.5 / 1.6beta SQL Injection
  • retrogod_at_aliceposta.it (09/22/05)
  • retrogod_at_aliceposta.it (09/22/05)
• ncompress insecure temporary file creation
  • ZATAZ Audits (09/16/05)
• Nokia 7610, 3210 denial of service in OBEX.
  • A. Ramos (09/26/05)
• Online Dating Software by AEwebworks - aeDating Script <= 4.0 Version Vulnerability
  • alexsrb_at_netsite.com (09/15/05)
• OpenServer 5.0.7 OpenServer 6.0.0 : UnZip File Permissions Change Vulnerability
  • please_reply_to_security_at_sco.com (09/28/05)
• OpenServer 6.0.0 : TCP Remote ICMP Denial Of Service Vulnerabilities
  • please_reply_to_security_at_sco.com (09/22/05)
• Oracle Reports: Generic SQL Injection Vulnerability via Lexical References
  • ak_at_red-database-security.com (09/14/05)
• PacSec 05
  • Dragos Ruiu (09/26/05)
• Paper - How It's Difficult to Ruin a Good Name: An Analysis of Reputational Risk
  • hodejo1_at_aol.com (09/21/05)
  • Kenneth F. Belva (09/21/05)
• PBLang 4.65 (possibly prior versions) remote code execution
  • retrogod_at_aliceposta.it (09/07/05)
• PHP Nuke <= 7.8 Multiple SQL Injections
  • hans (09/17/05)
  • Paul Laudanski (09/17/05)
  • Daniel Bonekeeper (09/17/05)
  • Paul Laudanski (09/16/05)
  • Paul Laudanski (09/16/05)
  • Matthias Jim Knopf (09/16/05)
  • Paul Laudanski (09/14/05)
  • evaders99_at_gmail.com (09/14/05)
  • r.verton_at_gmail.com (09/12/05)
• PHP SESSION MODIFICATION
  • David N Murray (09/16/05)
  • unknow_at_uw-team.org (09/16/05)
• PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure
  • security curmudgeon (09/30/05)
  • Petko Petkov (09/29/05)
  • retrogod_at_aliceposta.it (09/28/05)
• PHP-Nuke
  • bhfh_at_walla.com (09/05/05)
• phpBB 2.0.17 remote avatar size bug
  • Peter Kieser (09/21/05)
  • Sean Sullivan (09/20/05)
  • SmOk3 (09/20/05)
• phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting
  • retrogod_at_aliceposta.it (09/05/05)
• PhpMyFAQ 1.5.1 multiple vulnerabilities
  • retrogod_at_aliceposta.it (09/23/05)
• Platinum Secure smartcard security bypass
  • acidemon_at_gmail.com (09/22/05)
• PocketPC exploitation
  • Joel Maslak (09/30/05)
  • Denis Jedig (09/30/05)
  • Jose Morales (09/28/05)
  • Jose Morales (09/21/05)
• Possible memory corruption problems in Apple Safari
  • Jonathan Rockway (09/17/05)
• Protty v.01A (beta) - shellcode execution protection library for Windows NT based systems
  • Piotr Bania (09/22/05)
• PTL Advisory 050825 - HP LaserJet Network Username and Information Enumeration
  • Pinion Lab (09/15/05)
• RealPlayer && HelixPlayer Remote Format String Exploit
  • c0ntexb_at_gmail.com (09/26/05)
• Remote File Inclusion in MyGuestbook
  • security curmudgeon (09/23/05)
  • rod hedor (09/15/05)
• Revised paper on "ICMP attacks against TCP"
  • Fernando Gont (09/05/05)
• Rita Scams Call to Arms - Update
  • Gadi Evron (09/23/05)
• Rule bypassing in CheckPoint NGX R60
  • fitz (09/07/05)
• Sawmill XSS vuln
  • Mark Terry (09/12/05)
• Secunia Research: 7-Zip ARJ Archive Handling Buffer Overflow
  • Secunia Research (09/23/05)
• Secunia Research: Ahnlab V3 Antivirus Multiple Vulnerabilities
  • Secunia Research (09/15/05)
• Secunia Research: ALZip ACE Archive Handling Buffer Overflow
  • Secunia Research (09/08/05)
• Secunia Research: AVIRA Antivirus ACE Archive Handling Buffer Overflow
  • Secunia Research (09/14/05)
• Secunia Research: NOD32 Anti-Virus ARJ Archive Handling Buffer Overflow
  • Secunia Research (09/08/05)
• Secunia Research: Opera Mail Client Attachment Spoofing and Script Insertion
  • Secunia Research (09/20/05)
• Secunia Research: PowerArchiver ACE/ARJ Archive Handling Buffer Overflow
  • Secunia Research (09/23/05)
• Secunia Research: SqWebMail Conditional Comments Script Insertion Vulnerability
  • Secunia Research (09/06/05)
• secure client-side platform
  • devnull_at_Rodents.Montreal.QC.CA (09/01/05)
  • Mark Senior (09/01/05)
  • Keith Oxenrider (09/01/05)
  • liudieyu_at_umbrella.name (09/01/05)
• Security Flaw in pam_per_user Module
  • Mark D. Roth (09/12/05)
• SEO borad: SQL injection
  • ghc_at_ghc.ru (09/27/05)
• Serendipity: Account Hijacking / CSRF Vulnerability
  • kreon (09/29/05)
  • enji_at_infosys.tuwien.ac.at (09/29/05)
• Serious Security issue with broken - Microsoft's .Net XML Serialization API
  • darkangel.stt_at_gmail.com (09/14/05)
  • Rohit (09/13/05)
  • Rohit (09/13/05)
• Server crash and motd deletion in MultiTheftAuto 0.5 patch 1
  • Luigi Auriemma (09/25/05)
• silc server and toolkit insecure temporary file creation
  • Eric Romang / ZATAZ.com (09/01/05)
• SQL injection & XSS in phpoutsourcing Noah's classifieds
  • alireza hassani (09/14/05)
• Sql injection in jPortal version 2.3.1 (module download)
  • krasza_at_gmail.com (09/23/05)
• SQL Injection[2] In MyBB PR2
  • stranger-killer_at_hotmail.com (09/07/05)
• SquirrelMail Address Add Plugin XSS
  • Moritz Naumann (09/29/05)
• Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability
  • please_use_support_form_at_ourwebsite.com (09/21/05)
  • h4cky0u_at_gmail.com (09/13/05)
• SUSE Security Announcement: apache2 (SUSE-SA:2005:051)
  • Thomas Biege (09/12/05)
• SUSE Security Announcement: evolution (SUSE-SA:2005:054)
  • Ludwig Nussel (09/16/05)
• SUSE Security Announcement: kernel multiple security problems (SUSE-SA:2005:050)
  • Marcus Meissner (09/01/05)
• SUSE Security Announcement: php4, php5 remote code execution (SUSE-SA:2005:051)
  • Marcus Meissner (09/05/05)
• SUSE Security Announcement: squid (SUSE-SA:2005:053)
  • Thomas Biege (09/16/05)
• SUSE Security Announcement: XFree86-server,xorg-x11-server (SUSE-SA:2005:056)
  • Thomas Biege (09/26/05)
• TSLSA-2005-0047 - multi
  • Trustix Security Advisor (09/09/05)
• TSLSA-2005-0049 - multi
  • Trustix Security Advisor (09/16/05)
• TSLSA-2005-0051 - clamav
  • Trustix Security Advisor (09/23/05)
• TSLSA-2005-0053 - unzip
  • Trustix Security Advisor (09/30/05)
• TWiki Remote Command Execution Vulnerability
  • Sap . (09/14/05)
• UMN gopher[v3.0.9+] multiple(2) client buffer overflows.
  • v9 (09/01/05)
• UNB 1.5.3 cross site scripting
  • retrogod_at_aliceposta.it (09/05/05)
• UnixWare 7.1.4 : LibTIFF < 3.72 malformed data code exec
  • please_reply_to_security_at_sco.com (09/21/05)
• Upcoming Black Hat events announcement
  • Jeff Moss (09/21/05)
• Update: Realchat user impersonation - BSA 200506110001
  • Andreas Beck (09/04/05)
• USB Lock Auto-Protect v1.5 - Local Password Encryption Weakness
  • unsecure_at_writeme.com (09/05/05)
• USN-160-2: Apache vulnerability
  • Martin Pitt (09/07/05)
• util-linux: unintentional grant of privileges by umount
  • David Watson (09/12/05)
• Vulnerability in myBloggie 2.1.3-beta and prior
  • os2a.bto_at_gmail.com (09/05/05)
• Vulnerability In SecureOL VE2 v1.05.1008
  • maxim_at_secureol.com (09/07/05)
• Vulnerability in Symantec Anti Virus Corporate Edition v9.x
  • Colin (09/01/05)
  • James C Slora Jr (09/01/05)
• Vulnerability in Symantec Anti Virus Corporate Edition v9.x]
  • Steven M. Christey (09/02/05)
  • secure_at_symantec.com (08/31/05)
• Web Application Security Analyzer for PHP-Nuke/phpBB CMS
  • Paul Laudanski (09/17/05)
• WebArchiveX - Unsafe Methods Vulnerability
  • Brett Moore (09/07/05)
• Whitepaper - Writing small shellcode
  • Dafydd Stuttard (09/19/05)
• worring about YaST in SuSE 9.3 and maybe lower
  • Marcus Meissner (09/16/05)
  • innate_at_gmx.de (09/16/05)
• XSS Vulnerability in MIVA Merchant 5 - Includes Fix
  • admin_at_hyperconx.com (09/14/05)
• Zebedee DoS Vulnerability
  • Shiraishi.M (09/09/05)
• Zone Labs response to "Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC"
  • Zone Labs Security Team (09/30/05)

Last message date: 09/30/05
Archived on: 09/30/05 CEST

---

358 messages sorted by: [ author ] [ date ] [ thread ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2005-09