SecurityFocus Bugtraq
By Subject

399 messages sorted by: [ author ] [ date ] [ thread ] [ attachment ]

Starting: 10/01/05
Ending: 10/31/05

[ GLSA 200509-20 ] AbiWord: RTF import stack-based buffer overflow
- Thierry Carrez (09/30/05)
[ GLSA 200510-01 ] gtkdiskfree: Insecure temporary file creation
- Thierry Carrez (10/03/05)
[ GLSA 200510-02 ] Berkeley MPEG Tools: Multiple insecure temporary files
- Thierry Carrez (10/03/05)
[ GLSA 200510-03 ] Uim: Privilege escalation vulnerability
- Sune Kloppenborg Jeppesen (10/04/05)
[ GLSA 200510-04 ] Texinfo: Insecure temporary file creation
- Thierry Carrez (10/05/05)
[ GLSA 200510-05 ] Ruby: Security bypass vulnerability
- Sune Kloppenborg Jeppesen (10/06/05)
[ GLSA 200510-06 ] Dia: Arbitrary code execution through SVG import
- Sune Kloppenborg Jeppesen (10/06/05)
[ GLSA 200510-07 ] RealPlayer, Helix Player: Format string vulnerability
- Thierry Carrez (10/07/05)
[ GLSA 200510-08 ] xine-lib: Format string vulnerability
- Sune Kloppenborg Jeppesen (10/08/05)
[ GLSA 200510-09 ] Weex: Format string vulnerability
- Sune Kloppenborg Jeppesen (10/08/05)
[ GLSA 200510-10 ] uw-imap: Remote buffer overflow
- Thierry Carrez (10/11/05)
[ GLSA 200510-11 ] OpenSSL: SSL 2.0 protocol rollback
- Thierry Carrez (10/12/05)
[ GLSA 200510-12 ] KOffice, KWord: RTF import buffer overflow
- Sune Kloppenborg Jeppesen (10/14/05)
[ GLSA 200510-13 ] SPE: Insecure file permissions
- Thierry Carrez (10/15/05)
[ GLSA 200510-14 ] Perl, Qt-UnixODBC, CMake: RUNPATH issues
- Thierry Carrez (10/17/05)
[ GLSA 200510-15 ] Lynx: Buffer overflow in NNTP processing
- Sune Kloppenborg Jeppesen (10/17/05)
[ GLSA 200510-16 ] phpMyAdmin: Local file inclusion vulnerability
- Sune Kloppenborg Jeppesen (10/17/05)
[ GLSA 200510-17 ] AbiWord: New RTF import buffer overflows
- Thierry Carrez (10/20/05)
[ GLSA 200510-18 ] Netpbm: Buffer overflow in pnmtopng
- Thierry Carrez (10/20/05)
[ GLSA 200510-19 ] cURL: NTLM username stack overflow
- Thierry Carrez (10/22/05)
[ GLSA 200510-20 ] Zope: File inclusion through RestructuredText
- Thierry Carrez (10/25/05)
[ GLSA 200510-21 ] phpMyAdmin: Local file inclusion and XSS vulnerabilities
- Thierry Carrez (10/25/05)
[ GLSA 200510-22 ] SELinux PAM: Local password guessing attack
- Thierry Carrez (10/28/05)
[ GLSA 200510-23 ] TikiWiki: XSS vulnerability
- dave canuck (10/28/05)
- Thierry Carrez (10/28/05)
- Thierry Carrez (10/28/05)
[ GLSA 200510-24 ] Mantis: Multiple vulnerabilities
- Thierry Carrez (10/28/05)
[ GLSA 200510-25 ] Ethereal: Multiple vulnerabilities in protocol dissectors
- Sune Kloppenborg Jeppesen (10/30/05)
[ GLSA 200510-26 ] XLI, Xloadimage: Buffer overflow
- Sune Kloppenborg Jeppesen (10/30/05)
[Argeniss] Story of a dumb patch (Paper advisoryabout CSRSS and Windows Explorer vulnerabilities)
- Cesar (10/21/05)
[CIRT.DK] - Novell ZENworks Patch Management Server 6.0.0.52 - SQL injection
- CIRT.DK Advisory (10/27/05)
[Dailydave] Security contact for ...
- security curmudgeon (10/07/05)
[EEYEB20050510] - Microsoft DirectShow Remote Code Vulnerability
- Advisories_at_eeye.com (10/11/05)
[EEYEB20050708] Microsoft Distributed Transaction Coordinator Memory Modification Vulnerability
- Advisories_at_eeye.com (10/11/05)
[EEYEB20050803] - Windows UMPNPMGR wsprintfW Stack Buffer Overflow Vulnerability
- Advisories_at_eeye.com (10/11/05)
[EEYEB20050915] - MDT2DD.DLL COM Object Uninitialized Heap Memory Vulnerability
- Advisories_at_eeye.com (10/11/05)
[Full-disclosure] [USN-208-1] SSH server vulnerability
- Martin Pitt (10/18/05)
[Full-disclosure] Ciscos VPN-Client-Passwords can be decrypted
- Clayton Kossmeyer (10/18/05)
[Full-disclosure] Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service
- Paul Laudanski (10/18/05)
[Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte
- Bipin Gautam (10/28/05)
- Eygene A. Ryabinkin (10/27/05)
- Andrey Bayora (10/27/05)
- Debasis Mohanty (10/25/05)
- Andrey Bayora (10/26/05)
[Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability
- SEC Consult Research (10/27/05)
- Florian Weimer (10/27/05)
[Information Disclosure] NetForce v4.02 Sends NIS Password Maps with passwords hashes over sendmail
- bambenek_at_gmail.com (10/01/05)
[KAPDA::#6] Punbb SQL Injection Vulnerability
- alireza hassani (10/19/05)
- arpen_at_home.se (10/18/05)
- advisory_at_kapda.ir (10/14/05)
[KAPDA::#8] Domain Manager Pro Vulnerability
- advisory_at_securityfocus.com (10/22/05)
[KAPDA::#9] Techno Dreams Scripts Vulnerabilities
- advisory_at_kapda.ir (10/26/05)
[KDE Security Advisory] KOffice/KWord RTF import buffer overflow
- Dirk Mueller (10/11/05)
[OpenPKG-SA-2005.022] OpenPKG Security Advisory (openssl)
- OpenPKG (10/17/05)
[SEC-1 Advisory] Collaboration Data Objects Buffer Overflow Vulnerability
- Gary Oleary-Steele (10/12/05)
[SEC-1 Advisory] GFI MailSecurity 8.1 Web Module Buffer Overflow
- Gary Oleary-Steele (10/12/05)
[security bulletin] SSRT051003 rev.1 - HP-UX Java Web Start remote unauthorized privileged access
- security-alert_at_hp.com (10/07/05)
[security bulletin] SSRT051004 rev.1 - HP-UX Java Runtime Environment (JRE) Untrusted Applet Elevates Privilege
- security-alert_at_hp.com (10/06/05)
[security bulletin] SSRT051023 rev.5 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access
- security-alert_at_hp.com (10/04/05)
[security bulletin] SSRT051030 rev.1 - HP OpenView Event Correlation Services (OV ECS) Remote Unauthorized Privileged Access
- security-alert_at_hp.com (10/04/05)
[security bulletin] SSRT051040 rev.0 - HP-UX Mozilla Remote Unauthorized Execution of Privileged Code
- security-alert_at_hp.com (10/04/05)
[security bulletin] SSRT051041 rev.0 - HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS)
- security-alert_at_hp.com (10/04/05)
[security bulletin] SSRT051041 rev.1 - HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS)
- security-alert_at_hp.com (10/13/05)
[security bulletin] SSRT051043 rev.0 - Apache Remote Unauthorized access
- security-alert_at_hp.com (10/07/05)
[security bulletin] SSRT051052 rev.0 - HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE) Remote Privileged Access
- security-alert_at_hp.com (10/19/05)
[security bulletin] SSRT051052 rev.1 - HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE) Remote Privileged Access
- security-alert_at_hp.com (10/21/05)
[security bulletin] SSRT051055 rev.0 - HP Oracle for OpenView (OfO) Critical Patch Update October 2005
- security-alert_at_hp.com (10/24/05)
[security bulletin] SSRT4743, SSRT4884 rev.1 - HP Tru64 UNIX TCP/IP remote Denial of Service (DoS)
- security-alert_at_hp.com (10/06/05)
[security bulletin] SSRT5940 rev.2 - HP-UX Mozilla remote, unauthorized user may execute privileged code
- security-alert_at_hp.com (10/04/05)
[security bulletin] SSRT5975 HP-UX Running on Itanium Platforms Local Denial of Service (DoS)
- Security Alert (10/13/05)
[SECURITY] [DSA 548-2] New imlib packages fix arbitrary code execution
- Martin Schulze (10/26/05)
[SECURITY] [DSA 809-2] New squid packages fix denial of service
- Martin Schulze (09/30/05)
[SECURITY] [DSA 827-1] New backupninja packages fix insecure temporary file
- Michael Stone (09/30/05)
[SECURITY] [DSA 828-1] New squid packages fix denial of service
- Martin Schulze (09/30/05)
[SECURITY] [DSA 829-1] New mysql packages fix arbitrary code execution
- Martin Schulze (09/30/05)
[SECURITY] [DSA 833-1] New mysql-dfsg-4.1 packages fix arbitrary code execution
- Martin Schulze (10/01/05)
[SECURITY] [DSA 833-2] New mysql-dfsg-4.1 package fixes arbitrary code execution
- Martin Schulze (10/04/05)
[SECURITY] [DSA 834-1] New prozilla packages fix arbitrary code execution
- Martin Schulze (10/01/05)
[SECURITY] [DSA 835-1] New cfengine packages fix arbitrary file overwriting
- Martin Schulze (10/01/05)
[SECURITY] [DSA 836-1] New cfengine2 packages fix arbitrary file overwriting
- Martin Schulze (10/01/05)
[SECURITY] [DSA 837-1] New Mozilla Firefox packages fix denial of service
- Martin Schulze (10/02/05)
[SECURITY] [DSA 838-1] New mozilla-firefox packages fox multiple vulnerabilities
- Michael Stone (10/03/05)
[SECURITY] [DSA 839-1] New apachetop packages fix insecure temporary file
- Martin Schulze (10/04/05)
[SECURITY] [DSA 840-1] New drupal packages fix remote command execution
- Martin Schulze (10/04/05)
[SECURITY] [DSA 842-1] New egroupware packages fix arbitrary code execution
- Martin Schulze (10/04/05)
[SECURITY] [DSA 843-1] New arc packages fix insecure temporary files
- Martin Schulze (10/05/05)
[SECURITY] [DSA 844-1] New mod-auth-shadow packages fix authentication bypass
- Martin Schulze (10/05/05)
[SECURITY] [DSA 845-1] New mason packages fix missing init script
- Martin Schulze (10/06/05)
[SECURITY] [DSA 846-1] New cpio packages fix several vulnerabilities
- Martin Schulze (10/07/05)
[SECURITY] [DSA 847-1] New dia packages fix arbitrary code execution
- Martin Schulze (10/08/05)
[SECURITY] [DSA 848-1] New masqmail packages fix several vulnerabilities
- Martin Schulze (10/08/05)
[SECURITY] [DSA 849-1] New shorewall packages fix firewall bypass
- Martin Schulze (10/08/05)
[SECURITY] [DSA 850-1] New tcpdump packages fix denial of service
- Martin Schulze (10/09/05)
[SECURITY] [DSA 851-1] New openvpn packages fix denial of service
- Martin Schulze (10/09/05)
[SECURITY] [DSA 852-1] New up-imapproxy packages fix arbitrary code execution
- Martin Schulze (10/09/05)
[SECURITY] [DSA 853-1] New ethereal packages fix several vulnerabilities
- Martin Schulze (10/09/05)
[SECURITY] [DSA 854-1] New tcpdump packages fix denial of service
- Martin Schulze (10/09/05)
[SECURITY] [DSA 855-1] New weex packages fix arbitrary code execution
- Martin Schulze (10/10/05)
[SECURITY] [DSA 856-1] New py2play packages fix arbitrary code execution
- Martin Schulze (10/10/05)
[SECURITY] [DSA 857-1] New graphviz packages fix insecure temporary file
- Martin Schulze (10/10/05)
[SECURITY] [DSA 858-1] New xloadimage packages fix arbitrary code execution
- Martin Schulze (10/10/05)
[SECURITY] [DSA 859-1] New xli packages fix arbitrary code execution
- Martin Schulze (10/10/05)
[SECURITY] [DSA 860-1] New Ruby packages fix safety bypass
- Martin Schulze (10/11/05)
[SECURITY] [DSA 861-1] New uw-imap packages fix arbitrary code execution
- Martin Schulze (10/11/05)
[SECURITY] [DSA 862-1] New Ruby 1.6 packages fix safety bypass
- Martin Schulze (10/11/05)
[SECURITY] [DSA 863-1] New xine-lib packages fix arbitrary code execution
- Martin Schulze (10/12/05)
[SECURITY] [DSA 864-1] New Ruby 1.8 packages fix safety bypass
- Martin Schulze (10/13/05)
[SECURITY] [DSA 865-1] New hylafax packages fix insecure temporary files
- Martin Schulze (10/13/05)
[SECURITY] [DSA 866-1] New Mozilla packages fix several vulnerabilities
- Martin Schulze (10/20/05)
[SECURITY] [DSA 867-1] New module-assistant package fixes insecure temporary file
- Martin Schulze (10/20/05)
[SECURITY] [DSA 868-1] New Mozilla Thunderbird packages fix several vulnerabilities
- Martin Schulze (10/20/05)
[SECURITY] [DSA 869-1] New eric packages fix arbitrary code execution
- Martin Schulze (10/21/05)
[SECURITY] [DSA 870-1] New sudo packages fix arbitrary command execution
- Martin Schulze (10/25/05)
[SECURITY] [DSA 871-1] New libgda2 packages fix arbitrary code execution
- Martin Schulze (10/25/05)
[SECURITY] [DSA 871-2] New libgda2 packages fix arbitrary code execution
- Martin Schulze (10/25/05)
[SECURITY] [DSA 872-1] New koffice packages fix arbitrary code execution
- Martin Schulze (10/26/05)
[SECURITY] [DSA 873-1] New net-snmp packages fix denial of service
- Martin Schulze (10/26/05)
[SECURITY] [DSA 874-1] New lynx packages fix arbitrary code execution
- Martin Schulze (10/27/05)
[SECURITY] [DSA 875-1] New OpenSSL packages fix cryptographic weakness
- Martin Schulze (10/27/05)
[SECURITY] [DSA 876-1] New lynx-ssl packages fix arbitrary code execution
- Martin Schulze (10/27/05)
[SECURITY] [DSA 877-1] New gnump3d packages fix several vulnerabilities
- Martin Schulze (10/28/05)
[SECURITY] [DSA 878-1] New netpbm-free packages fix arbitrary code execution
- Martin Schulze (10/28/05)
[SECURITYREASON.COM] phpMyAdmin Local file inclusion 2.6.4-pl1
- Andreas Zeidler (10/12/05)
- max_at_jestsuper.pl (10/10/05)
[SNS Advisory No.84] Oracle Application Server HTTP Response Splitting Vulnerability
- snsadv (10/21/05)
[SNS Advisory No.85] XOOPS Multiple Cross-site Scripting Vulnerabilities
- snsadv (10/25/05)
[USN-151-3] zlib vulnerabilities
- Martin Pitt (10/29/05)
[USN-155-3] Fixed mozilla locale packages
- Martin Pitt (10/04/05)
[USN-193-1] dia vulnerability
- Martin Pitt (10/04/05)
[USN-194-1] texinfo vulnerability
- Martin Pitt (10/06/05)
[USN-195-1] Ruby vulnerability
- Martin Pitt (10/10/05)
[USN-196-1] Xine library vulnerability
- Martin Pitt (10/10/05)
[USN-197-1] Shorewall vulnerability
- Martin Pitt (10/10/05)
[USN-198-1] cfengine vulnerabilities
- Martin Pitt (10/10/05)
[USN-199-1] Linux kernel vulnerabilities
- Martin Pitt (10/10/05)
[USN-200-1] Thunderbird vulnerabilities
- Martin Pitt (10/11/05)
[USN-201-1] SqWebmail vulnerabilities
- Martin Pitt (10/11/05)
[USN-202-1] KOffice vulnerability
- Martin Pitt (10/12/05)
[USN-203-1] Abiword vulnerabilities
- Martin Pitt (10/13/05)
[USN-204-1] SSL library vulnerability
- Martin Pitt (10/14/05)
[USN-205-1] Curl and wget vulnerabilities
- Martin Pitt (10/14/05)
[USN-206-1] Lynx vulnerability
- Martin Pitt (10/17/05)
[USN-206-2] Fixed lynx packages for USN-206-1
- Martin Pitt (10/29/05)
[USN-207-1] PHP vulnerability
- Martin Pitt (10/17/05)
[USN-208-1] graphviz vulnerability
- Martin Pitt (10/17/05)
[USN-208-1] SSH server vulnerability
- Martin Pitt (10/17/05)
[USN-210-1] netpbm vulnerability
- Martin Pitt (10/18/05)
[USN-211-1] Enigmail vulnerability
- Martin Pitt (10/20/05)
[USN-212-1] libgda2 vulnerability
- Martin Pitt (10/28/05)
[USN-213-1] sudo vulnerability
- Martin Pitt (10/28/05)
A common researcher diagnosis error: misreading error messages
- Steven M. Christey (10/04/05)
Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability
- Stefan Esser (10/22/05)
Advisory 17/2005: phpBB Multiple Vulnerabilities
- Stefan Esser (10/31/05)
Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()
- Stefan Esser (10/31/05)
Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str()
- Stefan Esser (10/31/05)
Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability
- Stefan Esser (10/31/05)
Advisory: WZCS vulnerabilities
- Brian J. Bartlett (10/05/05)
- donctl (10/04/05)
Aenovo Multiple Vulnerabilities
- advisory_at_kapda.ir (10/07/05)
Aenovo Multiple Vulnerabilities (Patch)
- ali202_at_fastermail.com (10/16/05)
Airscanner Mobile Security Advisory #05101001: iTunes Shared Music Denial of Service/Spoofing/Flooding/Abuse
- Seth Fogie (10/14/05)
Announcement : Core Banking Application Security List
- Lila Buchalski (10/05/05)
Announcement: The Web Application Firewall Evaluation Criteria v1
- contact_at_webappsec.org (10/10/05)
Antivirus detection bypass by special crafted archive.
- Williams, James K (10/14/05)
- unsecure_at_writeme.com (10/07/05)
aRCHILLES Newsworld < 1.5.0-rc1 Multiple Vulnerabilities
- chburchert_at_web.de (10/21/05)
aspReady FAQ - open for SQL-injections
- preben_at_watchcom.no (10/06/05)
BID #14752 update
- Josh Zlatin-Amishav (09/30/05)
cacam_logsecurity_win32 exploit published on 20051018 by Metasploit
- Williams, James K (10/19/05)
CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability
- Williams, James K (10/20/05)
- Williams, James K (10/14/05)
Call for Papers - DIMVA 2006
- Thomas Biege (10/04/05)
Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides
- Stefano Zanero (10/03/05)
- Neil Dickey (10/04/05)
- dave kleiman (10/03/05)
- L. Adrian Griffis (10/03/05)
- Jason Coombs (10/01/05)
- Lachniet, Mark (10/02/05)
Cisco Security Advisory:Cisco 11500 Content Services Switch SSL Malformed Client Certificate Vulnerability
- Cisco Systems Product Security Incident Response Team (10/19/05)
Ciscos VPN-Client-Passwords can be decrypted
- Thierry Zoller (10/16/05)
CodeCon 2006 Call For Papers
- Len Sassaman (10/11/05)
Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB
- ak_at_red-database-security.com (10/07/05)
Cross-Site-Scripting Vulnerability in Oracle iSQL*Plus
- ak_at_red-database-security.com (10/07/05)
Cross-Site-Scripting Vulnerability in Oracle XMLDB
- ak_at_red-database-security.com (10/07/05)
Cyphor 0.19 SQL Injection / Board takeover / cross site scripting
- retrogod_at_aliceposta.it (10/08/05)
DboardGear - uncorrect import themes (SQL-inject)
- poizon_at_securityinfo.ru (10/25/05)
DBoardGear SQL Injection
- almaster_at_hotmail.com (10/24/05)
DCP - portal XSS & SQL attacks
- alex_at_aleksanet.com (10/24/05)
e107 remote commands execution
- retrogod_at_aliceposta.it (10/18/05)
Exploiting Windows Device Drivers Whitepaper
- Piotr Bania (10/16/05)
F.E.A.R. 1.01 likes lithsock
- Luigi Auriemma (10/21/05)
fetchmail security announcement 2005-02 (CVE-2005-3088)
- ma+nomail_at_dt.e-technik.uni-dortmund.de (10/27/05)
File Including In FLAT NUKE
- abducter_minds_at_yahoo.com (10/22/05)
File Including In PBLang
- abducter_minds_at_yahoo.com (10/27/05)
Flat Nuke Cross Site Scripting
- alex_at_aleksanet.com (10/24/05)
flexbackup default config insecure temporary file creation
- ZATAZ Audits (10/17/05)
FreeBSD Security Advisory FreeBSD-SA-05:21.openssl
- FreeBSD Security Advisories (10/11/05)
Gallery 2.x Remote File Access Vulnerability
- Bharat Mediratta (10/14/05)
gnome-pty-helper writes arbitrary utmp records
- Paul Szabo (10/07/05)
Google Talk cleartext proxy credentials vulnerability
- 3APA3A (10/15/05)
- m123303_at_richmond.ac.uk (10/14/05)
High Risk Vulnerability in Sun Directory Server
- NGSSoftware Insight Security Research (10/06/05)
iDEFENSE Security Advisory 10.04.05: Symantec AntiVirus Scan Engine Web Service Buffer Overflow Vulnerability
- iDEFENSE Labs (10/05/05)
- iDEFENSE Labs (10/05/05)
iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability
- iDEFENSE Labs (10/04/05)
iDEFENSE Security Advisory 10.10.05: Kaspersky Anti-Virus Engine CHM File Parser Buffer Overflow Vulnerability
- iDEFENSE Labs (10/10/05)
iDEFENSE Security Advisory 10.10.05: SGI IRIX runpriv Design Error Vulnerability
- iDEFENSE Labs (10/10/05)
iDEFENSE Security Advisory 10.11.05: Microsoft Distributed Transaction Controller Packet Relay DoS Vulnerability
- iDEFENSE Labs (10/11/05)
iDEFENSE Security Advisory 10.11.05: Microsoft Distributed Transaction Controller TIP DoS Vulnerability
- iDEFENSE Labs (10/11/05)
iDEFENSE Security Advisory 10.13.05: Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability
- iDEFENSE Labs (10/13/05)
iDEFENSE Security Advisory 10.13.05: Multiple Vendor XMail 'sendmail' Recipient Buffer Overflow Vulnerability
- iDEFENSE Labs (10/13/05)
iDEFENSE Security Advisory 10.20.05: Multiple Vendor Ethereal srvloc Buffer Overflow Vulnerability
- iDEFENSE Labs (10/20/05)
iDEFENSE Security Advisory 10.20.05: Symantec Norton AntiVirus DiskMountNotify Local Privilege Escalation
- iDEFENSE Labs (10/20/05)
iDEFENSE Security Advisory 10.20.05: Symantec Norton AntiVirus LiveUpdate Local Privilege Escalation
- iDEFENSE Labs (10/20/05)
iDEFENSE Security Advisory 10.24.05: SCO Openserver authsh 'Home' Buffer Overflow Vulnerability
- iDEFENSE Labs (10/25/05)
iDEFENSE Security Advisory 10.24.05: SCO Openserver backupsh 'Home' Buffer Overflow Vulnerability
- iDEFENSE Labs (10/25/05)
iDEFENSE Security Advisory 10.24.05: SCO Unixware Setuid ppp prompt Buffer Overflow Vulnerability
- iDEFENSE Labs (10/25/05)
iDefense Security Advisory 10.28.05: Multiple Vendor chmlib CHM File Handling Buffer Overflow Vulnerability
- iDEFENSE Labs (10/28/05)
ie7 will have more mechanisms
- liudieyu_at_umbrella.name (10/17/05)
IIS 5.1 allows for remote viewing of source code on FAT/FAT32 volumes using WebDAV
- inge.henriksen_at_booleansoft.com (09/30/05)
Insecure Temporary Files in BMC/Control-M Agent
- Scott Cromar (10/22/05)
Kaspersky Antivirus Remote Heap Overflow
- list_at_rem0te.com (10/03/05)
Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service
- Piotr Bania (10/13/05)
Linksys WRT54G/S Directory Traversal
- Shell (10/19/05)
Linux Orinoco drivers information leakage
- Meder Kydyraliev (10/12/05)
Looking for a security contact at Macrovision/InstallShield
- Richard M. Smith (10/26/05)
Looking for security contacts at Sony and Lenovo (FKA IBM)
- Richard M. Smith (10/25/05)
MailEnable W3C Logging Remote Buffer Overflow Proof of Concept
- advisory_at_wirecom.org (10/07/05)
MDKSA-2005:171 - Updated kernel packages fix multiple vulnerabilities
- Mandriva Security Team (10/03/05)
MDKSA-2005:172 - Updated openssh packages fix GSSAPI credentials vulnerability
- Mandriva Security Team (10/07/05)
MDKSA-2005:173 - Updated mozilla-firefox packages fix vulnerabilities
- Mandriva Security Team (10/07/05)
MDKSA-2005:174 - Updated mozilla-thunderbird packages fix multiple vulnerabilities
- Mandriva Security Team (10/07/05)
MDKSA-2005:175 - Updated texinfo packages fix temporary file vulnerability
- Mandriva Security Team (10/07/05)
MDKSA-2005:176 - Updated webmin package fixes authentication bypass vulnerability
- Mandriva Security Team (10/07/05)
MDKSA-2005:177 - Updated hylafax packages fix temporary file vulnerability
- Mandriva Security Team (10/08/05)
MDKSA-2005:178 - Updated squirrelmail packages fixes XSS vulberability
- Mandriva Security Team (10/12/05)
MDKSA-2005:179 - Updated openssl packages fix vulnerabilities
- Mandriva Security Team (10/12/05)
MDKSA-2005:180 - Updated xine-lib packages fixes cddb vulnerability
- Mandriva Security Team (10/12/05)
MDKSA-2005:181 - Updated squid packages fix vulnerabilities
- Mandriva Security Team (10/12/05)
MDKSA-2005:182 - Updated curl packages fix NTLM authentication vulnerability
- Mandriva Security Team (10/14/05)
MDKSA-2005:183 - Updated wget packages fix NTLM authentication vulnerability
- Mandriva Security Team (10/14/05)
MDKSA-2005:184 - Updated cfengine packages fix temporary file vulnerabilities
- Mandriva Security Team (10/14/05)
MDKSA-2005:185 - Updated koffice packages fix KWord RTF import overflow vulnerability
- Mandriva Security Team (10/14/05)
MDKSA-2005:186 - Updated lynx packages fix remote buffer overflow
- Mandriva Security Team (10/18/05)
MDKSA-2005:186-1 - Updated lynx packages fix remote buffer overflow
- Mandriva Security Team (10/26/05)
MDKSA-2005:187 - Updated dia packages fix python SVG import vulnerability.
- Mandriva Security Team (10/21/05)
MDKSA-2005:188 - Updated graphviz packages fix temporary file vulnerability.
- Mandriva Security Team (10/21/05)
MDKSA-2005:189 - Updated imap packages fix buffer overflow vulnerabilities.
- Mandriva Security Team (10/21/05)
MDKSA-2005:190 - Updated nss_ldap/pam_ldap packages fix privilege vulnerabilities.
- Mandriva Security Team (10/21/05)
MDKSA-2005:191 - Updated ruby packages fix safe level and taint flag protections vulnerability
- Mandriva Security Team (10/21/05)
MDKSA-2005:192 - Updated xli packages fix buffer overflow vulnerabilities.
- Mandriva Security Team (10/21/05)
MDKSA-2005:193 - Updated ethereal packages fix multiple vulnerabilities
- Mandriva Security Team (10/26/05)
MDKSA-2005:193-1 - Updated ethereal packages fix multiple vulnerabilities
- Mandriva Security Team (10/26/05)
MDKSA-2005:194 - Updated php-imap packages fix buffer overflow vulnerabilities.
- Mandriva Security Team (10/26/05)
MDKSA-2005:195 - Updated squid packages fix vulnerabilities
- Mandriva Security Team (10/26/05)
MDKSA-2005:196 - Updated perl-Compress-Zlib packages fix vulnerabilities
- Mandriva Security Team (10/26/05)
MDKSA-2005:197 - Updated unzip packages fix suid, permissions vulnerabilities.
- Mandriva Security Team (10/26/05)
MDKSA-2005:198 - Updated uim packages fix suid linking vulnerabilities.
- Mandriva Security Team (10/26/05)
MDKSA-2005:199 - Updated netpbm packages fix pnmtopng vulnerabilities
- Mandriva Security Team (10/26/05)
MDKSA-2005:200 - Updated apache-mod_auth_shadow packages fix security restriction bypass issues.
- Mandriva Security Team (10/27/05)
MDKSA-2005:201 - Updated sudo packages fix vulnerability
- Mandriva Security Team (10/27/05)
Metasploit Framework v2.5
- H D Moore (10/19/05)
Mirabilis ICQ 2003a Buffer Overflow Download Shellcoded Exploit
- atmaca_at_icqmail.com (10/29/05)
Mozilla Thunderbird SMTP down-negotiation weakness
- Jason Haar (10/26/05)
- Bob Beck (10/26/05)
- Tony Finch (10/26/05)
- Jason Haar (10/26/05)
- Thomas Henlich (10/25/05)
Multiple Critical and High Vulnerabilities in Oracle Database Server
- NGSSoftware Insight Security Research (10/19/05)
Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through
- Andrey Bayora (10/28/05)
- mgotts_at_2roads.com (10/28/05)
- Dave English (10/27/05)
- Andreas Marx (10/26/05)
- Andrey Bayora (10/26/05)
- Andrey Bayora (10/25/05)
Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through forged magic byte
- Williams, James K (10/27/05)
Multiple vulnerabilities within RockLiffe MailSite Express WebMail
- Paul Craig (10/28/05)
mwcollect v3.0.0 Release
- Georg Wicherski (10/30/05)
MyBloggie 2.1.3beta null char + SQL Injection -> Login Bypass
- retrogod_at_aliceposta.it (10/01/05)
NetFlow Analyzer 4 XSS Vulnerability
- why_at_nsfocus.com (10/18/05)
Network Appliance iSCSI Authentication Bypass
- steve.shockley_at_shockley.net (10/28/05)
- Steve Shockley (10/28/05)
- advisories_at_matasano.com (10/25/05)
New List
- David Ahmad (10/31/05)
Nuked klan 1.7: Bypassed level admin on forum(corrected)
- papipsycho_at_hotmail.com (10/24/05)
Nuked klan 1.7: Remote Exploit
- papipsycho_at_hotmail.com (10/24/05)
Nuked klan 1.7: SQL vulnerability
- papipsycho_at_hotmail.com (10/22/05)
Nuked klan 1.7: XSS vulnerability
- papipsycho_at_hotmail.com (10/21/05)
Online Dating Software by AEwebworks - aeDating Script <= 4.0 Version Vulnerability
- security_at_aewebworks.com (10/02/05)
OpenServer 5.0.7 : authsh and backupsh buffer overflow
- please_reply_to_security_at_sco.com (10/21/05)
OpenVPN[v2.0.x]: foreign_option() formart string vulnerability.
- v9 (10/31/05)
Opinion: Complete failure of Oracle security response and utter neglect of t
- Silent / Saracoth (10/10/05)
Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
- Kurt Seifried (10/08/05)
- Tony Jambu (10/08/05)
- Radoslav Dejanovi� (10/07/05)
- Ivan . (10/07/05)
- ak_at_red-database-security.com (10/07/05)
- David Litchfield (10/07/05)
- Gadi Evron (10/07/05)
- David Litchfield (10/07/05)
- Gadi Evron (10/07/05)
- Rainer Duffner (10/06/05)
- Cesar (10/06/05)
- David Litchfield (10/06/05)
- Rainer Duffner (10/06/05)
- David Litchfield (01/06/05)
Oracle 10g - emagent.exe Stack-Based Overflow
- SPI Labs (10/20/05)
Oracle Workflow CSS Vulnerability wf_monitor
- ak_at_red-database-security.com (10/20/05)
Oracle Workflow CSS Vulnerability wf_route
- ak_at_red-database-security.com (10/20/05)
PAKCON II: Call for Paper (CfP), Final Call!
- Ayaz Ahmed Khan (10/05/05)
Patches available for critical flaws in HP Openview
- NGSSoftware Insight Security Research (10/05/05)
php < 4.4.1 htaccess apache dos
- Eric Romang / ZATAZ.com (10/24/05)
PHP iCalendar CSS
- ascii (10/25/05)
PHP local safedir restriction bypass
- slythers_at_gmail.com (10/17/05)
PHP-Nuke Cross-Site Scripting Vulnerability
- bhfh01_at_gmail.com (10/25/05)
phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.
- Nicob (10/27/05)
- Tatercrispies (10/27/05)
- Paul Laudanski (10/25/05)
- Paul Laudanski (10/25/05)
- alphakgen_at_gmail.com (10/22/05)
PhpNuke 7.8 with all security fixes/patches "Your_Account", "Downloads", "Web Links" SQL Injection / Remote commans execution
- retrogod_at_aliceposta.it (10/24/05)
Plaintext Password Vulnerabilitiy during Installation of Oracle HTMLDB
- ak_at_red-database-security.com (10/07/05)
Planet Technology Corp FGSW2402RS switch default password / "backdoor"
- lms_at_fe.up.pt (10/06/05)
Possible Bug in PHP-Fusion 6.0.204
- Paul (10/25/05)
- peanut_at_black-rat.no-ip.com (10/24/05)
PullThePlug Contest: Call For Papers
- announcements_at_pulltheplug.org (10/10/05)
Remote File Inclusion in forum PunBB
- arpen_at_securityfocus.com (10/29/05)
- rod hedor (10/24/05)
Remote File Inclusion in vCard :)
- X_at_securityfocus.com, (10/26/05)
Remote MySQL User on Cpanel Default installation with blank password
- sup3r_linux_at_hotmail.com (10/25/05)
Require many large corporate emails for contact regarding vulnerability.
- dcrab_at_hackerscenter.com (10/17/05)
Research for network security news article
- lgreenem_at_cmp.com (10/12/05)
Revised draft on ICMP attacks
- Fernando Gont (10/24/05)
Revision: Multiple Critical and High Vulnerabilities in Oracle Database Server
- David Litchfield (10/19/05)
RTasarim WebAdmin modul SQL injection
- khc_at_bsdmail.org (10/14/05)
SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability
- Bernhard Mueller (10/25/05)
SEC-Consult SA 20051025-1 :: RSA ACE Web Agent XSS
- Bernhard Mueller (10/25/05)
SEC-CONSULT-SA-20051021-0: Yahoo/MSIE XSS
- Bernhard Mueller (10/21/05)
Secunia Research: AhnLab V3 Antivirus ALZ/UUE/XXE Archive Handling Buffer Overflow
- Secunia Research (10/13/05)
Secunia Research: ALZip Multiple Archive Handling Buffer Overflow
- Secunia Research (10/05/05)
Secunia Research: ATutor Multiple Vulnerabilities
- Secunia Research (10/27/05)
Secunia Research: Mantis "t_core_path" File Inclusion Vulnerability
- Secunia Research (10/26/05)
Secunia Research: MySource Cross-Site Scripting and File Inclusion Vulnerabilities
- Secunia Research (10/18/05)
Secunia Research: Novell NetMail NMAP Agent "USER" Buffer Overflow Vulnerability
- Secunia Research (10/12/05)
Secunia Research: PHP-Fusion Two SQL Injection Vulnerabilities
- Secunia Research (10/06/05)
Secunia Research: Webroot Desktop Firewall Two Vulnerabilities
- Secunia Research (10/06/05)
Secunia Research: WinRAR Format String and Buffer Overflow Vulnerabilities
- Secunia Research (10/11/05)
Secunia Research: ZipGenius Multiple Archive Handling Buffer Overflow
- Secunia Research (10/21/05)
SECURECon 2006 Call for papers!
- Will Belcher (10/18/05)
Security Advisory for Bugzilla 2.18.3, 2.20rc2, and 2.21
- mkanat_at_bugzilla.org (10/01/05)
Security Contacr for Mycall
- Fixer (10/14/05)
Security contact for ...
- Williams, James K (10/06/05)
SecurityAlert SA025 : PHPNuke Remote Directory Traversal
- sp3x_at_securityreason.com (10/19/05)
Shutdown TNS Listener via Oracle Forms Servlet
- ak_at_red-database-security.com (10/07/05)
Shutdown TNS Listener via Oracle iSQL*Plus
- ak_at_red-database-security.com (10/07/05)
Skype security advisory
- Q_EADS_CCR_DCR/STI/C?= (10/25/05)
Some new whitepapers ...
- Jerome Athias (10/06/05)
- Lila Buchalski (10/05/05)
- David Litchfield (10/05/05)
SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all versions vulnerable)
- sikikmail_at_gmail.com (10/25/05)
SQL IN FORUM.PHP
- ABDUCTER_MINDS_at_YAHOO.COM (10/30/05)
SQL In Invision Gallery 2.0.3
- almaster_at_hotmail.com (10/30/05)
SQL saphp Lesson
- almaster_at_hotmail.com (10/24/05)
SQL-Injection in MyBulletinBoard allows attacker to become a board admin.
- Animal (10/26/05)
SUSE Security Announcement: openSSL protocol downgrade attack (SUSE-SA:2005:061)
- Marcus Meissner (10/19/05)
SUSE Security Announcement: OpenWBEM (SUSE-SA:2005:060)
- Sebastian Krahmer (10/17/05)
SUSE Security Announcement: permissions (SUSE-SA:2005:062)
- Ludwig Nussel (10/24/05)
The Malloc Maleficarum
- Phantasmal Phantasmagoria (10/11/05)
Trend Micro's Response to the Magic Byte Bug
- Auri Rahimzadeh (10/29/05)
Trillian remote crashable
- philipp_at_kolmann.at (10/03/05)
Trusted Digital, Trusted Mobility Suite Authorization Bypass Vulnerability
- none_at_securityfocus.com (10/14/05)
TSLSA-2005-0059 - multi
- Trustix Security Advisor (10/24/05)
UnixWare 7.1.4 UnixWare 7.1.3 : ppp buffer overflow
- please_reply_to_security_at_sco.com (10/21/05)
Update for the magic byte bug
- Andrey Bayora (10/26/05)
UPDATE: [ GLSA 200509-11 ] Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities
- Thierry Carrez (09/30/05)
uplod phpshell in PHP Advanced Transfer Manager
- D_BuG (10/30/05)
- sQl_at_hotmail.com (10/29/05)
using php local file include vulnerabilities for command execution
- Andreas Zeidler (10/11/05)
- Andreas Zeidler (10/11/05)
Utopia News Pro 1.1.3 SQL Injection / cross site scripting
- retrogod_at_aliceposta.it (10/07/05)
VERITAS NetBackup: Java User-Interface, format string vulnerability
- secure_at_symantec.com (10/12/05)
versatileBulletinBoard V1.0.0 RC2 (possibly prior versions) multiple SQL injection vulnerabilities / login bypass / board takeover
- rgod_at_aliceposta.it (10/11/05)
VoIP-Phones: Weakness in proccessing SIP-Notify-Messages
- Tobias Glemser (10/12/05)
Vulnerabilities in Oracle E-Business Suite 11i - Critical Patch Update October 2005
- Integrigy Security (10/19/05)
Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images
- preben_at_watchcom.no (10/29/05)
WASC Threat Classification in 4 languages
- contact_at_webappsec.org (10/05/05)
Windows host based firewall tester
- Morten Torstensen (10/19/05)
- Tim (10/18/05)
Windows UMPNPMGR wsprintfW Stack Buffer Overflow Vulnerability PoC
- ppwd25_at_hotmail.com (10/21/05)
winrar 3.50 Exploit
- edward11_at_postmaster.co.uk (10/15/05)
Woltlab Burning Board info_db.php multiple SQL injection
- admin_at_batznet.com (10/26/05)
xloadimage buffer overflow.
- Ariel Berkman (10/05/05)
XSS & Path Disclosure in Chipmunk's products
- alireza hassani (10/20/05)
XSS vulnerability in Zeroblog
- alireza hassani (10/11/05)
Yahoo RSS XSS Vulnerability
- alljer_at_gmail.com (10/17/05)
Yahoo RSS XSS Vulnerability (Correction)
- alljer_at_gmail.com (10/17/05)
Yapig: XSS / Code Injection Vulnerability
- enji_at_infosys.tuwien.ac.at (10/13/05)
ZDI-05-001: VERITAS NetBackup Remote Code Execution
- zdi-disclosures_at_3com.com (10/12/05)
Zomplog Script Injection Vulnerability =>3.4 (all versions vulnerable)
- sikikmail_at_gmail.com (10/22/05)

Last message date: 10/31/05
Archived on: 10/31/05 CET

399 messages sorted by: [ author ] [ date ] [ thread ] [ attachment ]

SecurityFocus BugtraqBy Subject

SecurityFocus Bugtraq
By Subject