Bugtraq
- MyBB 1.0 SQL injection in uploading file,
addmimistrator
- MyBB XSS cross-site scripting,
addmimistrator
- [KAPDA::#18] - WebWiz Products SQL Injection,
advisory
- WMF browser-ish exploit vectors,
Evans, Arian
- Yahoo mail Cross Site Scripting vulnerability,
simo
- WTF??,
veil_of_darkness
- Advisory 26/2005: TinyMCE Compressor Vulnerabilities,
Stefan Esser
- Secunia Research: TUGZip ARJ Archive Handling Buffer Overflow Vulnerability,
Secunia Research
- phpbb2.0.19 fixes security issues,
Paul Laudanski
- rssh: root privilege escalation flaw,
Derek Martin
- [ GLSA 200512-17 ] scponly: Multiple privilege escalation issues,
Thierry Carrez
- Black Hat Federal and Europe Call for Papers,
Jeff Moss
- Airscanner Mobile Security Advisory #05083102 Spb Kiosk Engine Program Bypass,
contact . removethis
- [SECURITY] [DSA 927-2] New tkdiff packages fix insecure temporary file creation,
Martin Schulze
- PhpDocumentor <= 1.3.0 rc4 Arbitrary remote/local inclusion,
retrogod
- CFP - IT Underground 2006, Prague, Czech Republic,
Piotr Sobolewski
- dtSearch DUNZIP32.dll Buffer Overflow Vulnerability,
Juha-Matti Laurio
- WMF Exploit,
davidribyrne
- [ GLSA 200512-15 ] rssh: Privilege escalation,
Stefan Cornelius
- Found new bug,
hackeriri
- Obsidis n1 released!,
angelo
- Secunia Research: IceWarp Web Mail Multiple File Inclusion Vulnerabilities,
Secunia Research
- [SECURITY] [DSA 928-1] New dhis-tools-dns packages fix insecure temporary file creation,
Martin Schulze
- [ GLSA 200512-16 ] OpenMotif, AMD64 x86 emulation X libraries: Buffer overflows in libUil library,
Thierry Carrez
- [ GLSA 200512-13 ] Dropbear: Privilege escalation,
Stefan Cornelius
- RE: [Full-disclosure] Someone wasted a nice bug on spyware...,
Paul
- [BUGZILLA] Security advisory for Bugzilla < 2.16.11,
David Miller
- Exploitation of Windows WMF on the web,
Daniel Bonekeeper
- MDKSA-2005:238 - Updated php/php-mbstring packages fix mail injection vulnerability,
Mandriva Security Team
- Malware sample site,
mvalsmith
- Is this a new exploit?,
noemailpls
- [SECURITY] [DSA 927-1] New tkdiff packages fix insecure temporary file creation,
Martin Schulze
- Cerberus Helpdesk multiple vulnerabilities.,
A. Ramos
- [BuHa-Security] DoS Vulnerability in M$ IE 6 SP2 #3,
bugtraq
- [BuHa-Security] DoS Vulnerability in M$ IE 6 SP2 #2,
bugtraq
- [BuHa-Security] DoS Vulnerability in M$ IE 6 SP2 #1,
bugtraq
- Airscanner Mobile Security Advisory #0508310 Spb Kiosk Engine Administrator Password & Information Disclosure,
contact . removethis
- Dev web management system <= 1.5 SQL injection / cross site scripting,
retrogod
- MDKSA-2005:237 - Updated cpio packages fix buffer overflow on x86_64,
Mandriva Security Team
- MDKSA-2005:236 - Updated fetchmail packages fix vulnerability,
Mandriva Security Team
- Electric Sheep window-id stack overflow,
MichaelAiello
- Multiple Network-related Vulnerabilities in Electric Sheep,
MichaelAiello
- [SECURITY] [DSA 926-2] New ketm packages fix privilege escalation,
Martin Schulze
- [TKADV2005-12-001] Multiple SQL Injection vulnerabilities in MyBB,
tk
- [ GLSA 200512-12 ] Mantis: Multiple vulnerabilities,
Stefan Cornelius
- XSS&Sql injection attack in PHP-Fusion 6.00.3 Released,
krasza
- Webwasher CSM Appliance Script Security Restriction Bypass,
d0t v0rt3x
- [USN-231-1] Linux kernel vulnerabilities,
Martin Pitt
- iDefense Security Advisory 12.22.05: Linux Kernel Socket Buffer Memory Exhaustion DoS Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- Privilege escalation in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5),
Reed Arvin
- CYBSEC - Security Advisory: httprint Multiple Vulnerabilities,
Mariano Nuñez Di Croce
- [SECURITY] [DSA 925-1] New phpbb2 packages fix several vulnerabilities,
Martin Schulze
- fetchmail security announcement fetchmail-SA-2005-03 (CVE-2005-4348),
ma+bt
- MDKSA-2005:235 - Updated kernel packages fix numerous vulnerabilities,
Mandriva Security Team
- Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability,
ovt
- XSS vulnerabilities in Google.com,
Watchfire Research
- iDefense Security Advisory 12.21.05: Macromedia JRun 4 Web Server URL Parsing Buffer Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- VMware vulnerability in NAT networking,
vmware-security-alert
- WinRAR - Processing Filename Incorrectly Vulnerability,
agoanywhere
- Cisco Security Response: DoS in Cisco Clean Access,
Clayton Kossmeyer
- [SECURITY] [DSA 924-1] New nbd packages fix potential arbitrary code execution,
Martin Schulze
- Re: XSS bypass in PHPNuke - FIX ?,
Paul Laudanski
- Vulnerability in Metadot portal server allows users to gain administrative privileges,
Gerry Chng
- mIRC buffer overflow,
Crowdat Kurobudetsu
- [Security-Advisories@acs-inc.com: [Full-disclosure] [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 <= build-18007 GSX Server Variants And Others],
Andrew Griffiths
- security patch for Linux Kernel 2.6,
breno
- [KAPDA::#17] - beehiveforum Script Injection,
alireza hassani
- Tolva PHP website system Remote File Include,
beford
- Workshop "Dependability Aspects in DWH and Mining applications"Deadline:15-01-06,
Manh Tho
- [ECHO_ADV_24$2005] Full path disclosure on WordPress < 1.5.2,
the_day
- Call for Paper - VI National Computer and Information Security Conference - COLOMBIA,
Jeimy José Cano Martínez
- [Hat-Squad] Remote Heap Corruption Vulnerability in Interaction SIP Proxy,
service
- MDKSA-2005:234 - Updated sudo packages fix vulnerability,
Mandriva Security Team
- IRM 012: Portfolio Netpublish Server 7 is vulnerable to a Directory Traversal Attack,
Advisories
- IRM 013: Ultraapps Issue Manager is vulnerable to Privilege Escalation,
Advisories
- IRM 014: Sygate Protection Agent 5.0 vulnerability - A low privileged user can disable the security agent,
Advisories
- Secunia Research: Pegasus Mail Buffer Overflow and Off-by-One Vulnerabilities,
Secunia Research
- [Overflow.pl] Blender BlenLoader Integer Overflow,
Damian Put
- PHPGedView <= 3.3.7 remote code execution,
retrogod
- Acidcat ASP CMS Multiple Vulnerabilities,
h e
- Re: Unauthenticated EIGRP DoS,
Paul Oxman (poxman)
- Digital Armaments Security Advisory 12.20.2005: WEBsweeper/MIMEsweeper Executable File Content Check bypass Vulnerability,
info
- [ GLSA 200512-11 ] CenterICQ: Multiple vulnerabilities,
Thierry Carrez
- [security bulletin] SSRT5983 rev.1 - HP-UX Running Software Distributor (SD) Remote Unauthorized Access,
security-alert
- iDefense Security Advisory 12.20.05: McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite,
labs-no-reply@xxxxxxxxxxxx
- Enterprise Connector v.1.02 Multiple SQL Vulnerabilities and Login Bypass,
darkz . gsa
- iDefense Security Advisory 12.20.05: Qualcomm WorldMail IMAP Server String Literal Processing Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- Symantec Antivirus Library Remote Heap Overflows,
list
- MDKSA-2005:233 - Updated apache2 packages fix vulnerability in worker MPM,
Mandriva Security Team
- [security bulletin] SSRT051026 rev. 1 - HP-UX running WBEM Services Denial of Service (DoS),
security-alert
- about phpMyAdmin's server_privileges.php announced vulnerability,
Marc Delisle
- Making unidirectional VLAN and PVLAN jumping bidirectional,
Andrew A. Vladimirov
- Authenticated EIGRP DoS / Information leak,
Andrew A. Vladimirov
- [ GLSA 200512-10 ] Opera: Command-line URL shell command injection,
Thierry Carrez
- [FLSA-2005:168326] Updated util-linux and mount packages fix security issue,
Marc Deslauriers
- [FLSA-2005:166939] Updated openssl packages fix security issues,
Marc Deslauriers
- [FLSA-2005:155510] Updated gtk2 packages fixes security issues,
Marc Deslauriers
- [FLSA-2005:152892] Updated enscript package fixes security issues,
Marc Deslauriers
- [FLSA-2005:152870] Updated a2ps package fixes security issue,
Marc Deslauriers
- [FLSA-2005:152832] Updated lynx package fixes security issues,
Marc Deslauriers
- [FLSA-2005:152787] Updated redhat-config-nfs package fixes security issue,
Marc Deslauriers
- [SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution,
Martin Schulze
- phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.,
Alice Bryson
- Fullpath disclosure in roundcube webmail,
king_purba
- Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit,
inge . henriksen
- Bug in HC,
hackeriri
- Update on the PGP NTFS File Wipe Issue, 16 Dec 2005,
Jon Callas
- exploit (html) for Advanced Guestbook 2.2,
irc0d3r
- Advisory: XSS in WebCal (v1.11-v3.04),
Stan Bubrouski
- iDefense Security Advisory 12.16.05: Citrix Program Neighborhood Name Heap Corruption Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- DoS in Cisco Clean Access,
alex
- DMA[2005-1214a] - 'Widcomm BTW - Bluetooth for Windows Remote Audio Eavesdropping',
Kevin Finisterre
- ZRCSA-200505: libremail - "pop.c" Format String Vulnerability,
deepfear
- [USN-230-2] ffmpeg/xine-lib vulnerability,
Martin Pitt
- phpCOIN-1.2.2-Full-2005 SQL Injection,
stranger-killer
- [ GLSA 200512-07 ] OpenLDAP, Gauche: RUNPATH issues,
Thierry Carrez
- [ GLSA 200512-08 ] Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
- [ GLSA 200512-09 ] cURL: Off-by-one errors in URL handling,
Sune Kloppenborg Jeppesen
- Bios Information Leakage,
Jonathan Brossard
- Re: [Full-disclosure] iDEFENSE Security Advisory 12.06.05: Ipswitch Collaboration Suite SMTP Format String Vulnerability,
Owen Dhu
- AIX Heap Overflow paper,
David Litchfield
- [security bulletin] SSRT4728 rev.1 - HP-UX running TCP/IP Remote Denial of Service (DoS),
security-alert
- MarmaraWeb E-commerce Script Cross Site Scripting,
B3g0k
- MarmaraWeb E-commerce Remote Command Exucetion,
B3g0k
- CYBSEC - Security Advisory: Watchfire AppScan QA Remote Code Execution,
Mariano Nuñez Di Croce
- Metasploit Framework v3.0 Alpha Release 1,
H D Moore
- Notacon Call for Proposals open,
Paul Schneider
- Patches available for IBM AIX flaws,
NGSSoftware Insight Security Research
- MDKSA-2005:232 - Updated gstreamer-ffmpeg packages fix buffer overflow vulnerability,
Mandriva Security Team
- MDKSA-2005:231 - Updated ffmpeg packages fix buffer overflow vulnerability,
Mandriva Security Team
- MDKSA-2005:230 - Updated mplayer packages fix buffer overflow vulnerability,
Mandriva Security Team
- MDKSA-2005:229 - Updated xmovie packages fix buffer overflow vulnerability,
Mandriva Security Team
- MDKSA-2005:228 - Updated xine-lib packages fix buffer overflow vulnerability,
Mandriva Security Team
- MDKSA-2005:227 - Updated ethereal packages fix vulnerability,
Mandriva Security Team
- [SECURITY] [DSA 922-1] New Linux 2.6.8 packages fix several vulnerabilities,
Martin Schulze
- iDefense Security Advisory 12.14.05: Trend Micro PC-Cillin Internet Security Insecure File Permission Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- [ GLSA 200512-06 ] Ethereal: Buffer overflow in OSPF protocol dissector,
Thierry Carrez
- Secunia Research: Microsoft Internet Explorer Keyboard Shortcut Processing Vulnerability,
Secunia Research
- [USN-230-1] ffmpeg vulnerability,
Martin Pitt
- CodeCon submission deadline reminder,
Len Sassaman
- SUSE Security Announcement: kernel various security and bugfixes (SUSE-SA:2005:068),
Marcus Meissner
- RLA ("Remote LanD Attack"),
Synister Syntax
<Possible follow-ups>
- RE: RLA ("Remote LanD Attack"),
Roger A. Grimes
- RE: RLA ("Remote LanD Attack"),
Patrick Galligan
- Business Objects WebIntelligence 6.5x Account Lockout and System DoS,
mkemp4
- [SECURITY] [DSA 921-1] New Linux 2.4.27 packages fix several vulnerabilities,
Martin Schulze
- [ GLSA 200512-05 ] Xmail: Privilege escalation through sendmail,
Thierry Carrez
- SUSE Security Announcement: php4, php5 (SUSE-SA:2005:069),
Ludwig Nussel
- DIMVA 2006 - 2nd Call for Papers,
Thomas Biege
- iDefense Security Advisory 12.14.05: Trend Micro ServerProtect Crystal Reports ReportServer File Disclosure,
labs-no-reply@xxxxxxxxxxxx
- Bypass XSS filter in PHPNUKE 7.9=>x,
max
- Disclosure timelines from vendors - a promising practice?,
Steven M. Christey
- Countering Trusting Trust through Diverse Double-Compiling,
David A. Wheeler
- [OpenPKG-SA-2005.029] OpenPKG Security Advisory (apache),
OpenPKG
- iDefense Security Advisory 12.14.05: Trend Micro ServerProtect EarthAgent Remote DoS Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- iDefense Security Advisory 12.14.05: Trend Micro ServerProtect relay.dll Chunked Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- iDefense Security Advisory 12.14.05: Trend Micro ServerProtect isaNVWRequest.dll Chunked Overflow,
labs-no-reply@xxxxxxxxxxxx
- LIMBO CMS <= v1.0.4.2 _SERVER[] array overwrite / remote code execution,
retrogod
- RE: [Full-disclosure] [EEYEB-20050523] Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability,
Marc Maiffret
- ADP Forum 2.0,ADP Forum 2.0.1,ADP Forum 2.0.2,ADP Forum 2.0.3 versiyon user md5 hash bug,
liz0
- [SECURITY] [DSA 920-1] New ethereal packages fix arbitrary code execution,
Martin Schulze
- Secunia Research: Internet Explorer Suppressed "Download Dialog" Vulnerability,
Secunia Research
- MDKSA-2005:226 - Updated mozilla-thunderbird package fix vulnerability in enigmail,
Mandriva Security Team
- phpCOIN 1.2.2 multiple vulnerabilities,
retrogod
- [EEYEB-20050523] Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability,
Advisories
- [USN-229-1] Zope vulnerability,
Martin Pitt
- [USN-222-2] Perl vulnerability,
Martin Pitt
- [scip_Advisory] NetGear RP114 Flooding Denial of Service,
Marc Ruef
- [USN-228-1] curl library vulnerability,
Martin Pitt
- [OpenPKG-SA-2005.028] OpenPKG Security Advisory (curl),
OpenPKG
- Status on PGP NTFS File Wipe issue, 11 Dec 2005,
Jon Callas
- [PHP-CHECKER] 99 potential SQL injection vulnerabilities,
php-checker
- Arab Portal v2 Beta2 SQL Injections,
stranger-killer
- SEC Consult SA-20051211-0 :: Nortel SSL VPN Cross Site Scripting/Command Execution,
SEC Consult Research
- Re: Re: [Full-disclosure] Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service,
JHannah01
- [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation,
Thierry Carrez
- iDEFENSE Security Advisory 12.12.05: SCO Unixware Setuid 'uidadmin' Scheme Buffer Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- SEC Consult SA-20051211-0 :: Several XSS issues in Horde Framework, Kronolith Calendar, Mnemo Notes, Nag Tasks and Turba Addressbook,
Johannes Greil
- [USN-227-1] xpdf vulnerabilities,
Martin Pitt
- oracle not only offeder - researchers NOT responsible?,
Gadi Evron
- Guestserver guestbook system vulnerabilities,
jaakko
- [ GLSA 200512-03 ] phpMyAdmin: Multiple vulnerabilities,
Sune Kloppenborg Jeppesen
- IMOEL CMS Sql password discovery,
silversmith
- BTGrup Admin WebController Script SQL injection,
khc
- [SECURITY] [DSA 919-1] New curl packages fix potential security problem,
Martin Schulze
- Torrential 1.2 Directory Traversal,
Shell
- DEFCON London group - DC4420 - inaugural meeting and Christmas Drinks!,
Major Malfunction
- MDKSA-2005:206-1 - Updated openvpn packages fix multiple vulnerabilities,
Mandriva Security Team
- Flatnuke 2.5.6 privilege escalation / remote commands execution exploit,
retrogod
- Apani Network Response to ISAKMP cert-fi:7710 Alert,
mkuch
- PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer,
H D Moore
- Motorola SB5100E Cable Modem DoS,
Алексей Синцов
- MDKSA-2005:225 - Updated perl package fixes format string vulnerability,
Mandriva Security Team
- iDefense Security Advisory 12.09.05: Ethereal OSPF Protocol Dissector Buffer Overflow Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- [SECURITY] [DSA 918-1] New osh packages fix privilege escalation,
Martin Schulze
- TSLSA-2005-0070 - multi,
Trustix Security Advisor
- MDKSA-2005:224 - Updated curl package fixes format string vulnerability,
Mandriva Security Team
- [USN-226-1] Courier vulnerability,
Martin Pitt
- Milliscript 1.4 Multiple Vulnerabilities,
NaPa
- [KAPDA::#16] - SMF SQL Injection,
alireza hassani
- [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB,
tk
- [security bulletin] SSRT051069 - HP Tru64 Unix Secure Web Server (SWS 6.4.1 and earlier) PHP/XMLRPC Remote Unauthorized Execution of Arbitrary Code,
security-alert
- = 1.2.6d blind SQL injection / remote commands execution:,
retrogod
- Website Baker <=2.6.0 SQL Injection -> Login bypass -> remote code execution,
retrogod
- 3com product security hole,
jaime . blasco
- [SECURITY] [DSA 917-1] New courier packages fix unauthorised access,
Martin Schulze
- -Exploiting Freelist[0] On Windows XP Service Pack 2-,
Brett Moore
- Airscanner Mobile Security Advisory: Remote Hard Reset Data Wipe and DoS of Pocket Controller v5.0 (#AS05080401),
contact . removethis
- iDefense Security Advisory 12.07.05: Dell TrueMobile 2300 Wireless Broadband Router Authentication Bypass Vulnerability,
labs-no-reply@xxxxxxxxxxxx
- [security bulletin] SSRT051037 HP-UX Running IPSec Remote Unauthorized Access,
security-alert
- [security bulletin] SSRT5954 Revised - HP-UX TCP/IP Remote Denial of Service (DoS),
security-alert
- [ GLSA 200512-01 ] Perl: Format string errors can lead to code execution,
Sune Kloppenborg Jeppesen
- [ GLSA 200512-02 ] Webmin, Usermin: Format string vulnerability,
Sune Kloppenborg Jeppesen
- [KDE Security Advisory] multiple buffer overflows in kpdf/koffice,
Dirk Mueller
- [security bulletin] SSRT4884 HP-UX TCP/IP Remote Denial of Service (DoS),
security-alert
- Journal of Computer Virology-Call for Papers,
Saeed Abu Nimeh
- DRZES HMS XSS and SQL Injection Vulnerabilities,
vipsta
- Mobile Antivirus Researchers Assoc. Call for White Papers,
contact . removethis
- Advisory 24/2005: libcurl URL parsing vulnerability,
Stefan Esser
- Advisory 25/2005: phpMyAdmin Variables Overwrite Vulnerability,
Stefan Esser
- [SECURITY] [DSA 916-1] New Inkscape packages fix arbitrary code execution,
Martin Schulze
- SugarSuite Open Source <= 4.0beta Remote code execution,
retrogod
- SimpleBBS <= v1.1 remote commands execution in c by: unitedasia security crew,
unitedasia
- [KAPDA::#15] - ThWboard multiple vulnerabilities,
alireza hassani
- Critical Myspace.com Vulnerabilites,
silentproducts
- [USN-225-1] Apache 2 vulnerability,
Martin Pitt
- [USN-224-1] Kerberos vulnerabilities,
Martin Pitt
- iDefense Security Advisory 12.05.05: Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability,
iDEFENSE Labs
- iDefense Security Advisory 12.05.05: Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability,
iDEFENSE Labs
- iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Progressive Heap Overflow,
iDEFENSE Labs
- iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability,
iDEFENSE Labs
- Horde IMP Webmail Client XSS all versions,
Igor
- SUSE Security Announcement: kernel various security and bugfixes (SUSE-SA:2005:067),
Marcus Meissner
- Buffer Overflow in MultiTech VoIP Implementations,
SecurityLab Research
- Outpost24 Public Security Note: Linux/Elxbot,
David Jacoby
- Blog System v1.2 Multiple SQL Injection Vulnerabilities,
vipsta
- [security bulletin] HPSBUX01059 SSRT4704 Revised - HP-UX Running wu-ftpd Local Unauthorized Access,
security-alert
- [USN-180-2] MySQL 4.1 vulnerability,
Martin Pitt
- have you ever been BluePIMped?,
KF (lists)
- [scip_Advisory] e107 v0.6 rate.php manipulation,
Marc Ruef
- [USN-223-1] Inkscape vulnerability,
Martin Pitt
- more MD5 colliding examples,
Gerardo Richarte
- Zen-Cart <= 1.2.6d blind SQL injection / remote commands execution:,
retrogod
- PHP-Fusion v6.00.109 SQL Injection and Info. Disclosure,
xer0x . west
- [OpenPKG-SA-2005.027] OpenPKG Security Advisory (php),
OpenPKG
- DMA[2005-1202a] - 'sobexsrv - Scripting/Secure OBEX Server format string vulnerability',
KF (lists)
- QNX 4.25 suided dhcp.client binary,
lms
- [Updated] [FLSA-2005:166943] Updated php packages fix security issues,
Marc Deslauriers
- MDKSA-2005:222 - Updated mailman packages fix various vulnerabilities,
Mandriva Security Team
- Re: WebCalendar,
Louis Wang
- Alisveristr E-Commerce Admin Login SQL İnjection,
B3g0k
- [OpenPKG-SA-2005.025] OpenPKG Security Advisory (perl),
OpenPKG
- eXtreme Styles mod <= 2.2.1 Multiple Vulnerabilities,
tommie1
- MDKSA-2005:221 - Updated spamassassin packages fixes vulnerability,
Mandriva Security Team
- [OpenPKG-SA-2005.026] OpenPKG Security Advisory (lynx),
OpenPKG
- MDKSA-2005:223 - Updated webmin package fixes format string vulnerability,
Mandriva Security Team
- WinEggDropShell Multiple Remote Stack Overflow,
Sowhat
- [USN-221-1] racoon vulnerability,
Martin Pitt
- [USN-222-1] Perl vulnerability,
Martin Pitt
- Format String Vulnerabilities in Perl Programs,
Steven M. Christey
- [xfocus-SD-051202]openMotif libUil Multiple vulnerability,
alert7@xxxxxxxxxx
- SEC Consult SA-XXXXXXXXXXX,
Bernhard Mueller
- SEC Consult SA-20050212-1 :: A Word on Webmail Security and Browser related XSS Bugs,
Sec Consult Research
- SEC Consult SA-20051202-1 :: GMX Webmail XSS,
Sec Consult Research
- phpMyChat Multiple XSS vulnerabilities.,
secresearch
- [SECURITY] [DSA 915-1] New helix-player packages fix arbitrary code execution,
Martin Schulze
- Cisco Security Advisory: IOS HTTP Server Command Injection Vulnerability,
Cisco Systems Product Security Incident Response Team
- [DRUPAL-SA-2005-009] Drupal 4.6.4 / 4.5.6 fixes minor access control issue,
Uwe Hermann
- Perl format string integer wrap vulnerability,
robert
- [SECURITY] [DSA 913-1] New gdk-pixbuf packages fix several vulnerabilities,
Martin Schulze
- [USN-220-1] w3c-libwww vulnerability,
Martin Pitt
- Edgewall Trac SQL Injection Vulnerability,
David Maciejak
- [DRUPAL-SA-2005-007] Drupal 4.6.4 / 4.5.6 fixes XSS issue,
Uwe Hermann
- [DRUPAL-SA-2005-008] Drupal 4.6.4 / 4.5.6 fixes XSS and HTTP header injection issue,
Uwe Hermann
- [SECURITY] [DSA 914-1] New horde2 packages fix cross-site scripting,
Martin Schulze
- Microsoft Windows CreateRemoteThread Exploit,
q7x
- WebCalendar Multiple Vulnerabilities.,
lwang
- [security bulletin] SSRT4787 Revised - HP Systems Insight Manager (SIM) for HP-UX Remote Denial of Service (DoS),
security-alert
- Sunbelt set to acquire Kerio Personal Firewall,
Paul Laudanski
- PhpX <= 3.5.9 SQL Injection -> login bypass -> remote command/code execution,
retrogod
- Re: What is wrong with these people?,
Steve Shockley
- Re: - Cisco IOS HTTP Server code injection/execution vulnerability-,
Florian Weimer
- MDKSA-2005:220 - Updated kernel packages fix numerous vulnerabilities,
Mandriva Security Team
- MDKSA-2005:217 - Updated netpbm packages fix pnmtopng vulnerabilities,
Mandriva Security Team
- MDKSA-2005:218 - Updated kernel packages fix numerous vulnerabilities,
Mandriva Security Team
- MDKSA-2005:219 - Updated kernel packages fix numerous vulnerabilities,
Mandriva Security Team
- Re: WebCalendar Multiple Vulnerabilities,
Paul Laudanski
- Opera 8.50 DoS with simple java applet,
Marc Schoenefeld
- Gallery 2.x Security Advisory,
Bharat Mediratta
- [SECURITY] [DSA 912-1] New centericq packages fix denial of service,
Martin Schulze
- Re: DNS query spam,
Florian Weimer
- Re: Xaraya <= 1.0.0 RC4 D.O.S / file corruption,
Paul Laudanski
