Bugtraq: by date

470 messages starting Dec 01 04 and ending Dec 31 04


Wednesday, 01 December

Disclosure of file system information in Mozilla Firefox and Opera Browser: Giovanni Delvecchio
Invision Power Board 'Allow auto login' setting override Hillel Himovich
Re: Winamp - Buffer Overflow In IN_CDDA.dll Black Dot
SUSE Security Announcement: various kernel problems (SUSE-SA:2004:042) Marcus Meissner
Re: Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln Holger Zimmermann
[CLA-2004:904] Conectiva Security Announcement - cyrus-imapd Conectiva Updates
Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003. Reed Arvin
[SECURITY] [DSA 603-1] New openssl packages fix insecure temporary file creation Martin Schulze
[USN-35-1] imagemagick vulnerabilities Martin Pitt
[USN-36-1] NFS statd vulnerability Martin Pitt
[USN-33-1] libgd vulnerabilities Martin Pitt
[ GLSA 200411-37 ] Open DC Hub: Remote code execution Luke Macken
[CLA-2004:902] Conectiva Security Announcement - abiword Conectiva Updates
[USN-34-1] OpenSSH information leakage Martin Pitt

Thursday, 02 December

[KA Advisory 0411291] IPCop Cross Site Scripting Vulnerability in "proxylog.dat" Kurczaba Associates advisories
Cisco Security Advisory: Cisco CNS Network Registrar Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
rssh and scponly arbitrary command execution Jason Wies
Blog Torrent preview 0.8 - arbitary file download Steve Kemp
[USN-37-1] cyrus21-imapd vulnerability Martin Pitt
Official IFRAME patch - make sure it installs correctly Berend-Jan Wever
Multiple vulnerabilities in Kreed 1.05 Luigi Auriemma
Remote Mercury32 Imap exploit JohnH
[CLA-2004:905] Conectiva Security Announcement - squirrelmail Conectiva Updates
Re: Disclosure of file system information in Mozilla Firefox and Opera Browser: Liu Die Yu
FreeBSD Security Advisory FreeBSD-SA-04:17.procfs FreeBSD Security Advisories
Advanced Guestbook Emile van Elen

Friday, 03 December

[SECURITY] [DSA 604-1] New hpsockd packages fix denial of service Martin Schulze
[ GLSA 200412-01 ] rssh, scponly: Unrestricted command execution Thierry Carrez

Saturday, 04 December

Opera 7.54 vulnerabilities again (still unfixed) Marc Schoenefeld

Monday, 06 December

[ GLSA 200412-02 ] PDFlib: Multiple overflows in the included TIFF library Luke Macken
Hosting Controller mouse small
[SECURITY] [DSA 605-1] New viewcvs packages fix information leak Martin Schulze
Winamp - Buffer Overflow In IN_CDDA.dll [ Patch Released ] Brett Moore
Multiple vulnerabilities in w3who ISAPI DLL Nicolas Gregoire
Re: Advanced Guestbook Spy Hat
DoS leading to crash of client in Remote Execute 2.30 headpimp
Web Application Security Consortium 'Guest Articles' Call for Papers robert

Tuesday, 07 December

Tool Announcement: AIRT -- the Advanced Incident Response Tool (linux) madsys
RE: Disclosure of file system information in Mozilla Firefox and Opera Browser: Thor Larholm
Local root exploit on Mac OS X with Adobe Version Cue fintler
MaxDB WebTools <= 7.5.00.18 buffer overflow and Denial of Service Evgeny Demidov
[ GLSA 200412-05 ] mirrorselect: Insecure temporary file creation Luke Macken
Broadcast client crash in Battlefield 1942 1.6.19 and Vietnam 1.2 Luigi Auriemma
MDKSA-2004:142 - Updated gzip packages fix temporary file vulnerability Mandrake Linux Security Team
Multiple Vulnerabilities in paFileDB 3.1 Ahmad Muammar
Online Script Decoder GreyMagic Security
Remote Web Server Text File Viewing Vulnerability in WebLibs 1.0 John Bissell
MD5 To Be Considered Harmful Someday Dan Kaminsky
Re: Local root exploit on Mac OS X with Adobe Version Cue Chet Ramey
MDKSA-2004:143 - Updated ImageMagick packages fix vulnerability Mandrake Linux Security Team
Bypass personal firewall application protection . Again. offtopic
Cleartext SMB passwords in Novell Desktop Linux using KDE Mike DeMaria
7a69Adv#16 - Konqueror FTP command injection Albert Puigsech Galicia
zone transfers, a spammer's dream? Lode Vermeiren
Re: Online Script Decoder Stefan Paletta
Re: [Advisory] Mozilla Products Remote Crash Vulnerability Berend-Jan Wever
Re: MD5 To Be Considered Harmful Someday Gandalf The White
IE6 Vulnerability - Local File Detection ViPeR
MDKSA-2004:147 - Updated openssl packages fix temporary file vulnerability Mandrake Linux Security Team
MDKSA-2004:145 - Updated rp-pppoe packages fix vulnerability Mandrake Linux Security Team
[ GLSA 200412-04 ] Perl: Insecure temporary file creation Luke Macken
MDKSA-2004:146 - Updated nfs-utils packages fix remote DoS vulnerability Mandrake Linux Security Team
[Advisory] Mozilla Products Remote Crash Vulnerability Niek van der Maas
MDKSA-2004:144 - Updated lvm1 packages fix temporary file vulnerability Mandrake Linux Security Team
[ GLSA 200412-03 ] imlib: Buffer overflows in image decoding Thierry Carrez

Wednesday, 08 December

Re: [Full-Disclosure] Multiple vulnerabilities in w3who ISAPI DLL Nicolas Gregoire
MD5 To Be Considered Harmful Today Pavel Machek
[SECURITY] [DSA 606-1] New nfs-utils packages fix denial of service Martin Schulze
Re: MDKSA-2004:145 - Updated rp-pppoe packages fix vulnerability David F. Skoll
Re: MD5 To Be Considered Harmful Someday Tim
Re: 7a69Adv#16 - Konqueror FTP command injection Albert Puigsech Galicia
Re: Bypass personal firewall application protection . Again. Chris Paget
Address Bar Spoophing for the Pheeshies: IntotheNet Explorer 6 http-equiv () excite com
Re: MD5 To Be Considered Harmful Someday Joel Maslak
RE: MD5 To Be Considered Harmful Someday Rager, Anton (Anton)
Re: MD5 To Be Considered Harmful Someday Joel Maslak
7a69Adv#15 - Internet Explorer FTP command injection Albert Puigsech Galicia
Re: MD5 To Be Considered Harmful Someday Gandalf The White
RE: MD5 To Be Considered Harmful Someday David Schwartz
Re: MD5 To Be Considered Harmful Someday Keith Oxenrider
Re: MD5 To Be Considered Harmful Someday Jack Lloyd
Re: MD5 To Be Considered Harmful Someday Dragos Ruiu
Re: MD5 To Be Considered Harmful Someday Jack Lloyd
Re: MD5 To Be Considered Harmful Someday Dan Kaminsky
Re: MD5 To Be Considered Harmful Someday Ruth A. Kramer
Re: MD5 To Be Considered Harmful Someday Dan Kaminsky
Re: MD5 To Be Considered Harmful Someday Paul Wouters
Re: MD5 To Be Considered Harmful Someday George Georgalis
Re: MD5 To Be Considered Harmful Someday Paul Wouters
Re: MD5 To Be Considered Harmful Someday Solar Designer
Re: MD5 To Be Considered Harmful Someday Dan Kaminsky
Re: MD5 To Be Considered Harmful Someday Steve Friedl
Re: IE6 Vulnerability - Local File Detection RSnake
Re: MD5 To Be Considered Harmful Someday David F. Skoll
Re: MD5 To Be Considered Harmful Today Dan Kaminsky
Re: MD5 To Be Considered Harmful Today Pavel Machek
Re: MD5 To Be Considered Harmful Today Dan Kaminsky

Thursday, 09 December

TSLSA-2004-0064 - nfs-utils Trustix Security Advisor
KDE Security Advisory: plain text password exposure Dirk Mueller
KDE Security Advisory: kfax libtiff vulnerabilities Dirk Mueller
Re: MD5 To Be Considered Harmful Someday Adam Shostack
Re: MD5 To Be Considered Harmful Someday Pavel Kankovsky
F-Secure Policy Manager - physical path disclosure oliver
Re: Multiple Vulnerabilities in paFileDB 3.1 Rafael San Miguel Carrasco

Friday, 10 December

CodeCon CFP deadline nearing Len Sassaman
wget: Arbitrary file overwriting/appending/creating and other vulnerabilities Jan Minar
In-game buffer-overflow in the Gamespy cd-key validation SDK Luigi Auriemma
[SECURITY] [DSA 607-1] New libxpm packages fix several vulnerabilities Martin Schulze
HOW TO BREAK XP SP2 POPUP BLOCKER: kick it in the nut ! http-equiv () excite com

Saturday, 11 December

Local off-by-one in mtr versions 0.55 to 0.65 venglin

Monday, 13 December

Re: MD5 To Be Considered Harmful Someday Solar Designer
SugarSales Multiple Vulnerabilities Daniel Fabian
Citadel/UX <= v6.27 Remote Format String Vulnerability CoKi
Gadu-Gadu several vulnerabilities Jaroslaw Sajko
Multiple vulnerabilities in phpMyAdmin Nicolas Gregoire
MS IE User's Authentication Details (userid/password) Sharing Issue Debasis Mohanty
KDE Security Advisory: Konqueror Window Injection Vulnerability Waldo Bastian
iDEFENSE Security Advisory 12.13.04 - Multiple Vendor xzgv PRF Parsing Integer Overflow Vulnerability customer service mailbox
[ZH2004-19SA] Possible execution of remote shell commands in Opera with kfmclien Giovanni Delvecchio
Winamp 5.07 (latest version) Remote Crash + other stupid shizle b0f www . b0f . net
Socket unreacheable in the Lithtech engine (new protocol) Luigi Auriemma
RE: zone transfers, a spammer's dream? Marcin Pacyna
[ GLSA 200412-07 ] file: Arbitrary code execution Matthias Geerdsen
NetWare Screensaver Authentication Bypass From The Local Console Adam Gray
[ GLSA 200412-06 ] PHProjekt: setup.php vulnerability Thierry Carrez
Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory Secure Network Operations, Inc.
What's "may have exploitable buffer overflows" mean in tcpdump? Dragos Ruiu

Tuesday, 14 December

Linux kernel IGMP vulnerabilities Paul Starzetz
phpBB Attachment Mod Directory Traversal HTTP POST Injection Paul Laudanski
Re: Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory secure
Linux kernel scm_send local DoS Paul Starzetz
Re: [Full-Disclosure] [HV-LOW] Symantec LiveUpdate issues may cause DoS Dan Margolis
[ZH2004-18SA] Content-Type spoofing in Mozilla Firefox and Opera could allow users to bypass security restrictions Giovanni Delvecchio
iDEFENSE Security Advisory 12.14.04 - Adobe Acrobat Reader 5.0.9 mailListIsPdf() Buffer Overflow Vulnerability customer service mailbox
MDKSA-2004:148 - Updated iproute2 packages fix temporary file vulnerability Mandrake Linux Security Team
[SECURITY] [DSA 609-1] New atari800 packages fix local root exploit Martin Schulze
ASP Calendar Vulnerability <www.ashiyane.com> ali reza AcTiOnSpIdEr
[CAN-2004-1022] Insecure Credential Storage on Kerio Software Secure Computer Group
Re: Citadel/UX <= v6.27 Remote Format String Vulnerability Michael Hampton
RICOH Aficio 450/455 PCL 5e Printer ICMP DOS vulnerability Hongzhen Zhou
Possible local root vulnerability in Roxio Toast on Mac OS X fintler
STG Security Advisory: [SSA-20041209-13] UseModWiki XSS vulnerability advisory
[SECURITY] [DSA 608-1] New zgv packages fix arbitrary code execution Martin Schulze
[ GLSA 200412-08 ] nfs-utils: Multiple remote vulnerabilities Luke Macken
[CAN-2004-1023] Insecure default file system permissions on Microsoft versions of Kerio Software Secure Computer Group
MDKSA-2004:149 - Updated postgresql packages fix temporary file vulnerability Mandrake Linux Security Team
ASP-rider is vulnerable to sql injection attack shervin khaleghjou
iDEFENSE Security Advisory 12.13.04: Adobe Reader 6.0 .ETD File Format String Vulnerability customer service mailbox
Re: NetWare Screensaver Authentication Bypass From The Local Console Brad Bendily
Re: Linux kernel IGMP vulnerabilities Pekka Savola
iDEFENSE Security Advisory 12.14.04 - Microsoft Word 6.0/95 Document Converter Buffer Overflow Vulnerability customer service mailbox
[Correction For]: Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory Secure Network Operations, Inc.
[USN-38-1] Linux kernel vulnerabilities Martin Pitt

Wednesday, 15 December

HyperTerminal - Buffer Overflow In .ht File Brett Moore
Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ] GulfTech Security
Asante FM2008 10/100 Ethernet switch backdoor login Joe Philipps
Hotmail Cross-Site Scripting Vulnerability #1 Rafel Ivgi
Hotmail Cross Site Scripting Vulnerability #2 Rafel Ivgi
Yahoo! Mail Cross-Site Scripting Vulnerability Rafel Ivgi
Re: RICOH Aficio 450/455 PCL 5e Printer ICMP DOS vulnerability Hongzhen Zhou
*nix data wipe tools Thomas C. Greene
3cdaemon tftp server DOS vulnerability Wang Ning
Re: rpcl_icmpdos.c x90c
[ GLSA 200412-09 ] ncpfs: Buffer overflow in ncplogin and ncpmap Thierry Carrez
Re: Linux kernel scm_send local DoS even multiplexed
Re: Linux kernel scm_send local DoS Paul Starzetz
MSIE DHTML Edit Control Cross Site Scripting Vulnerability Paul
[OpenPKG-SA-2004.052] OpenPKG Security Advisory (vim) OpenPKG
STG Security Advisory: [SSA-20041214-14] GNUBoard PHP injection vulnerability advisory
[ GLSA 200412-10 ] Vim, gVim: Vulnerable options in modelines Thierry Carrez
Security Advisory for CVS Slash Jamie McCarthy
Advisory 01/2004: Multiple vulnerabilities in PHP 4/5 Stefan Esser
Cisco Security Advisory: Default Administrative Password in Cisco Guard and Traffic Anomaly Detector Cisco Systems Product Security Incident Response Team
Re: Linux kernel IGMP vulnerabilities Paul Starzetz
iwebnegar is vulnerable to all kind of sql injections shervin khaleghjou
Cisco Security Advisory: Cisco Unity Integrated with Exchange Has Default Passwords Cisco Systems Product Security Incident Response Team
STG Security Advisory: [SSA-20041215-15] Vulnerability of uploading files with multiple extensions in MoniWiki advisory
CSS in phpBB 1.4.4 SandI]
Re: Linux kernel scm_send local DoS even multiplexed
Re: Linux kernel IGMP vulnerabilities stephen joseph butler
php unserialize Martin Eiszner
Re: Linux kernel scm_send local DoS gadgeteer
MDKSA-2004:150 - Updated kdelibs and kdebase packages fix vulnerability Mandrake Linux Security Team
RE: CSS in phpBB 1.4.4 Paul Owen
Re: Linux kernel IGMP vulnerabilities matthew-bugtraq

Thursday, 16 December

Re: php unserialize Stefan Esser
iDEFENSE Security Advisory 12.15.04: Computer Associates eTrust EZ Antivirus Insecure File Permission Vulnerability customer service mailbox
[SAMBA] CAN-2004-1154 : Integer overflow could lead to remote code execution in Samba 2.x, 3.0.x <= 3.0.9 Gerald Carter
STG Security Advisory: [SSA-20041215-17] Vulnerability of uploading files with multiple extensions in JSBoard advisory
STG Security Advisory: [SSA-20041215-18] Vulnerability of uploading files with multiple extensions in phpBB Attachment Mod advisory
[MaxPatrol] SQL-injection in Ikonboard 3.1.x Alexander Anisimov
STG Security Advisory: [SSA-20041215-19] Vulnerability of uploading files with multiple extensions in MediaWiki advisory
Multiple XSS Vulnerabilities in Wordpress 1.2.1 Thomas Waldegger
DJB's students release 44 *nix software vulnerability advisories Thor Larholm
PHP Input Validation Vulnerabilities Daniel Fabian
Re: [ GLSA 200412-10 ] Vim, gVim: Vulnerable options in modelines Alexey I. Froloff
iDEFENSE Security Advisory 12.16.04: Samba smbd Security Descriptor Integer Overflow Vulnerability iDEFENSE Security Advisory
iDEFENSE Security Advisory 12.16.04: Veritas Backup Exec Agent Browser Registration Request Buffer Overflow Vulnerability iDEFENSE Security Advisory
iDEFENSE Security Advisory 12.16.04: MPlayer Remote RTSP HeapOverflow Vulnerability iDEFENSE Security Advisory
[USN-39-1] Linux amd64 kernel vulnerability Martin Pitt
[USN-40-1] PHP vulnerabilities Martin Pitt
iDEFENSE Security Advisory 12.16.04: MPlayer MMST Streaming Stack Overflow Vulnerability iDEFENSE Security Advisory
Yahoo! Mail Cross-Site Scripting Vulnerability Rafel Ivgi, The-Insider
iDEFENSE Security Advisory 12.16.04: MPlayer Bitmap Parsing Remote Heap Overflow Vulnerability iDEFENSE Security Advisory
Hotmail Cross-Site Scripting Vulnerability #2 Rafel Ivgi, The-Insider
Hotmail Cross-Site Scripting Vulnerability #1 Rafel Ivgi, The-Insider
Discussion: Microsoft(R) PowerPoint “Action Settings” feature allows invocation of default browser pointed at arbitrary URL. Monte Ratzlaff
[OpenPKG-SA-2004.053] OpenPKG Security Advisory (php) OpenPKG
[ GLSA 200412-11 ] Cscope: Insecure creation of temporary files Luke Macken
[SIG^2 G-TEC] singapore Image Gallery Web Application v0.9.10 Multiple Vulnerabilities chewkeong
Re: *nix data wipe tools David Cannings
RE: STG Security Advisory: [SSA-20041215-17] Vulnerability of uploading files with multiple extensions in JSBoard Richard Stanway
RE: Linux kernel IGMP vulnerabilities Wolfpaw - Dale Corse

Friday, 17 December

Unchecked returns from kernel_read() in linux-2.6.10-rc2 kernel Katrina Tsipenyuk
Re: DJB's students release 44 *nix software vulnerability advisories Crispin Cowan
RE: Linux kernel IGMP vulnerabilities Jirka Kosina
[OpenPKG-SA-2004.054] OpenPKG Security Advisory (samba) OpenPKG
Gadu-Gadu, another two bugs Jaroslaw Sajko
NetBSD Security Advisory 2004-010: Insufficient argument validation in compat code NetBSD Security-Officer
phphpbb2 + php version < 4.3.10 unserialize() memory dump sql password from config.php exploit bad boy
[ GLSA 200412-12 ] Adobe Acrobat Reader: Buffer overflow vulnerability Luke Macken
Re: *nix data wipe tools Wietse Venema
4 Vulnerabilities in GamePort amoXi Devilkin
Re: *nix data wipe tools Thomas C. Greene
Re: DJB's students release 44 *nix software vulnerability advisories cees-bart
Re: iDEFENSE Security Advisory 12.16.04: MPlayer MMST Streaming Stack Overflow Vulnerability Hideki Yamane
Re: DJB's students release 44 *nix software vulnerability advisories security curmudgeon
NetBSD kernel local vulnerabilities Evgeny Demidov
4 Vulnerabilities in GamePort amoXi Devilkin
[OpenPKG-SA-2004.056] OpenPKG Security Advisory (cvstrac) OpenPKG
Re: *nix data wipe tools Casper . Dik
Internet Explorer Code Execution Bypass Vulnerability aikon none
[SECURITY] [DSA 610-1] New cscope packages fix insecure temporary file creation Martin Schulze
Bug in Crypt::ECB perl module Bennett R. Samowich
Re: *nix data wipe tools George Georgalis
[ GLSA 200412-13 ] Samba: Integer overflow Sune Kloppenborg Jeppesen

Sunday, 19 December

Multiple Vulnerabilities In Kayako eSupport v2.x GulfTech Security
Re: DJB's students release 44 *nix software vulnerability advisories D. J. Bernstein
MS Windows Media Player 9 Vulns (2) Arman Nayyeri

Monday, 20 December

MDKSA-2004:151 - Updated php packages fix multiple vulnerabilities Mandrake Linux Security Team
Re: Patch available for multiple critical flaws in Oracle Marc Bejarano
Re: DJB's students release 44 *nix software vulnerability advisories Julian T J Midgley
[USN-41-1] Samba vulnerability Martin Pitt
[SECURITY] [DSA 611-1] New htget packages fix arbitrary code execution Martin Schulze
Security Bulletin SSRT4687 rev.0 HP-UX newgrp(1) local privilege elevation Boren, Rich (SSRT)
[ GLSA 200412-14 ] PHP: Multiple vulnerabilities Thierry Carrez
AIX 5.1/5.2/5.3 local root exploits cees-bart
PHP shmop.c module permits write of arbitrary memory. Stefano Di Paola
TSLSA-2004-0066 - multi Trustix Security Advisor
TSLSA-2004-0068 - kernel Trustix Security Advisor
[ GLSA 200412-15 ] Ethereal: Multiple vulnerabilities Sune Kloppenborg Jeppesen
Crystal FTP Pro Client Buffer Overflow Luca Ercoli
Windows Explorer TGA Crash Bill
KDE Security Advisory: Konqueror Java Vulnerability Waldo Bastian
Re: Internet Explorer Code Execution Bypass Vulnerability cmthemc
UPDATE: [ GLSA 200410-12 ] WordPress: HTTP response splitting and XSS vulnerabilities Luke Macken
Exploit for Ultrix 4.5 dxterm Kristoffer Brånemyr
[ GLSA 200412-16 ] kdelibs, kdebase: Multiple vulnerabilities Sune Kloppenborg Jeppesen
Internet Explorer Help ActiveX Control Local Zone Security Restriction Bypass Vulnerability (updated) Paul
[ GLSA 200412-17 ] kfax: Multiple overflows in the included TIFF library Sune Kloppenborg Jeppesen
[ GLSA 200412-20 ] NASM: Buffer overflow vulnerability Luke Macken
[ GLSA 200412-18 ] abcm2ps: Buffer overflow vulnerability Luke Macken
[ GLSA 200412-21 ] MPlayer: Multiple overflows Thierry Carrez
[USN-42-1] Xine library vulnerabilities Martin Pitt
[Full-Disclosure] [ GLSA 200412-19 ] phpMyAdmin: Multiple vulnerabilities Sune Kloppenborg Jeppesen
Re: Gadu-Gadu, another two bugs Przemyslaw Frasunek
Re: DJB's students release 44 *nix software vulnerability advisories Marcin Owsiany
Gadu-Gadu Remote DoS (all versions) Maciej Soltysiak
[SECURITY] [DSA 612-1] New a2ps packages fix arbitrary command execution Martin Schulze
MDKSA-2004:153 - Updated aspell packages fix vulnerability Mandrake Linux Security Team
MDKSA-2004:152 - Updated ethereal packages fix multiple vulnerabilities Mandrake Linux Security Team
Updated: TSLSA-2004-0068 - kernel Trustix Security Advisor
[USN-43-1] groff utility vulnerabilities Martin Pitt
Re: [Full-Disclosure] Re: Gadu-Gadu, another two bugs Maciej Soltysiak
MITKRB5-SA-2004-004: heap overflow in libkadm5srv Tom Yu

Tuesday, 21 December

TSLSA-2004-0069 - kerberos5 Trustix Security Advisor
[SECURITY] [DSA 614-1] New xzgv packages fix arbitrary code execution Martin Schulze
Re: AIX 5.1/5.2/5.3 local root exploits (diag issue) Shiva Persaud
phpBB Worm Shannon Lee
Xprobe 0.2.1 Released bugtraq
Re: DJB's students release 44 *nix software vulnerability advisories Jonathan T Rockway
Re: DJB's students release 44 *nix software vulnerability advisories milw0rm Inc.
SUSE Security Announcement: various kernel problems (SUSE-SA:2004:044) Marcus Meissner
Re: DJB's students release 44 *nix software vulnerability advisories Artem Chuprina
Re: DJB's students release 44 *nix software vulnerability advisories Dave Holland
Re: DJB's students release 44 *nix software vulnerability advisories Antoine Martin
Re: DJB's students release 44 *nix software vulnerability advisories Thor
Re: phpBB Worm Raymond Dijkxhoorn
iDEFENSE Security Advisory 12.21.04: Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability customer service mailbox
iDEFENSE Security Advisory 12.21.04: Multiple Vendor Xine version 0.99.2 PNM Handler Negative Read Length Heap Overflow Vulnerability customer service mailbox
iDEFENSE Security Advisory 12.21.04: Multiple Vendor Xine version 0.99.2 PNM Handler PNA_TAG Heap Overflow Vulnerability customer service mailbox
iDEFENSE Security Advisory 12.21.04: libtiff Directory Entry Count Integer Overflow Vulnerability customer service mailbox
Re: DJB's students release 44 *nix software vulnerability advisories Stephen Samuel
iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability customer service mailbox
iDEFENSE Security Advisory 12.21.04: Hewlett Packard HP-UX ftpd Remote Buffer Overflow Vulnerability customer service mailbox
Re: Wordpress 1.2.2 is still vulnerable Thomas Waldegger
RE: DJB's students release 44 *nix software vulnerability advisories Devin Ganger
Re: Windows Explorer TGA Crash is a DoS bug in Internet Explorer. Berend-Jan Wever
Re: DJB's students release 44 *nix software vulnerability advisories David F. Skoll
WebWorm using PHPBB vulnerability in the wild! Niki Denev
Re: AIX 5.1/5.2/5.3 local root exploits (paginit issue) Shiva Persaud
RE: phpBB Worm Paul Kurczaba
[SECURITY] [DSA 613-1] New ethereal packages fix denial of service Martin Schulze
Re: DJB's students release 44 *nix software vulnerability advisories laffer1
Re: DJB's students release 44 *nix software vulnerability advisories Stephen Harris
Re: Windows Explorer TGA Crash is a DoS bug in Internet Explorer. Berend-Jan Wever
Re: DJB's students release 44 *nix software vulnerability advisories Raymond M. Reskusich

Wednesday, 22 December

SUSE Security Announcement: samba (SUSE-SA:2004:045) Sebastian Krahmer
[SECURITY] [DSA 615-1] New debmake package fixes insecure temporary directories Martin Schulze
Local versus remote security holes D. J. Bernstein
MDKSA-2004:154 - Updated kdelibs packages fix multiple vulnerability Mandrake Linux Security Team
Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability Dmitry V. Levin
Sybase ASE 12.5.2 vulnerabilities NGSSoftware Insight Security Research
Re: DJB's students release 44 *nix software vulnerability advisories D. J. Bernstein
Re: DJB's students release 44 *nix software vulnerability advisories Jonathan Rockway
Re: DJB's students release 44 *nix software vulnerability advisories Chris Paget
MDKSA-2004:156 - Updated krb5 packages fix buffer overflow vulnerability Mandrake Linux Security Team
Re: DJB's students release 44 *nix software vulnerability advisories Jonathan Rockway
Re: phpBB Worm Sebastian Wiesinger
Re: phpBB Worm Alexander Klimov
malware effecting broadband users in Israel Gadi Evron
Java Runtime Environment Remote Denial-of-Service (DoS) Vulnerability Marc Schoenefeld
Re: DJB's students release 44 *nix software vulnerability advisories Valdis . Kletnieks
Re: phpBB Worm ycw1bh302
Re: Local versus remote security holes Adam Shostack
possible local exploit via sendmail with procmail on solaris Michael Barnes
Re: DJB's students release 44 *nix software vulnerability advisories Steven M. Christey
Permission problem in Skype BETA for linux Peter Conrad
PHP v4.3.x exploit for Windows. The Warlock
Re: DJB's students release 44 *nix software vulnerability advisories David Eisner
Re: DJB's students release 44 *nix software vulnerability advisories Steven M. Christey
Realone2.0 "pnxr3260.dll" Lets Remote Users IE Browser Crash Wei Li
[ GLSA 200412-23 ] Zwiki: XSS vulnerability Luke Macken
Re: DJB's students release 44 *nix software vulnerability advisories Casper . Dik
RE: DJB's students release 44 *nix software vulnerability advisories Manning, Robert (Mission Systems)
Re: DJB's students release 44 *nix software vulnerability advisories Crispin Cowan
stick with "anonymous" or "authenticated" when describing attacks Jonathan G. Lampe
MDKSA-2004:155 - Updated logcheck packages fix temporary file vulnerability Mandrake Linux Security Team
Webmin BruteForce + Command execution - By Di42lo <DiAblo_2 () 012 net il> amit sides
MDKSA-2004:157 - Updated mplayer packages fix multiple vulnerabilities Mandrake Linux Security Team
Re: DJB's students release 44 *nix software vulnerability advisories Jack Lloyd
2Bgal : 2.4 & 2.5.1 SQL injection Vulnerability zib zib
Security Advisory for ALL forum services with client-set images James Bandara
SUSE Security Announcement: kernel local privilege escalation (SUSE-SA:2004:046) Marcus Meissner
Re: WebWorm using PHPBB vulnerability in the wild! Nick Johnson
Re: DJB's students release 44 *nix software vulnerability advisories sean

Thursday, 23 December

Oracle Trigger Abuse (#NISR2122004I) NGSSoftware Insight Security Research
Oracle clear text passwords (#NISR2122004D) NGSSoftware Insight Security Research
Oracle ISQLPlus file access vulnerability (#NISR2122004E) NGSSoftware Insight Security Research
Oracle Character Conversion Bugs (#NISR2122004G) NGSSoftware Insight Security Research
Oracle extproc buffer overflow (#NISR23122004A) NGSSoftware Insight Security Research
Oracle extproc directory traversal (#NISR23122004B) NGSSoftware Insight Security Research
Oracle extproc local command execution (#NISR23122004C) NGSSoftware Insight Security Research
IBM DB2 generate_distfile buffer overflow vulnerability (#NISR2122004L) NGSSoftware Insight Security Research
Oracle TNS Listener DoS (#NISR2122004F) NGSSoftware Insight Security Research
Oracle wrapped procedure overflow (#NISR2122004J) NGSSoftware Insight Security Research
Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H) NGSSoftware Insight Security Research
[OpenPKG-SA-2004.055] OpenPKG Security Advisory (gettext) OpenPKG
IBM DB2 rec2xml buffer overflow vulnerability (#NISR2122004J) NGSSoftware Insight Security Research
[SECURITY] [DSA 616-1] New telnetd-ssl packages fix arbitrary code execution Martin Schulze
Microsoft Windows Kernel ANI File Parsing Crash and DOS Vulnerability flashsky fangxing
Microsoft Windows LoadImage API Integer Buffer overflow flashsky fangxing
Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability Moritz Muehlenhoff
SHOUTcast remote format string vulnerability Damian Put
Re: phpBB Worm Alvin Packard
Crystal FTP Pro 2.8 PoC cybertronic
[USN-47-1] Linux kernel vulnerabilities Martin Pitt
Cross Site Scripting In PsychoStats 2.2.4 Beta && Earlier GulfTech Security
Re: phpBB Worm Anders Henke
Re: stick with "anonymous" or "authenticated" when describing Steven M. Christey
Re: Linux kernel scm_send local DoS Pavel Kankovsky
Re: DJB's students release 44 *nix software vulnerability advisories Michal Zalewski
RE: DJB's students release 44 *nix software vulnerability advisories Palmer, Paul (ISSAtlanta)
Re: DJB's students release 44 *nix software vulnerability advisories D. J. Bernstein
Re: Security Advisory for ALL forum services with client-set images Stefan Paletta
Re: DJB's students release 44 *nix software vulnerability advisories Crispin Cowan
Inexcusable weakness in Kmail / GnuPG Thomas C. Greene
Re: [webmin-l] Re: Webmin BruteForce + Command execution - By Di42lo <DiAblo_2 () 012 net il> Jamie Cameron
Re: phpBB Worm William Geoghegan
Re: DJB's students release 44 *nix software vulnerability advisories Crispin Cowan
Microsoft Windows winhlp32.exe Heap Overflow Vulnerability flashsky fangxing
RE: Local versus remote security holes David Brodbeck
RE: Crystal FTP Pro 2.8 PoC cybertronic
[USN-48-1] xpdf, tetex-bin vulnerabilities Martin Pitt
[USN-49-1] debmake vulnerability Martin Pitt
[USN-51-1] teTeX auxiliary script vulnerability Martin Pitt
[USN-52-1] vim vulnerability Martin Pitt
RE: phpBB Worm Ofer Shezaf
[ Security Bulletin ] SSRT4699 rev.0 HP-UX SAM local privilege increase Boren, Rich (SSRT)
WPkontakt message parsing error Jaroslaw Sajko
[Security Bulletin] SSRT4867 rev.0 Netscape Directory Server on HP-UX LDAP remote buffer overflow Boren, Rich (SSRT)
[Security Bulletin] SSRT4876 rev.0 HP Tru64 UNIX SWS (Apache) Secure Web Server Remote Boren, Rich (SSRT)
Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation flashsky fangxing
Re: [Full-Disclosure] Re: Linux kernel scm_send local DoS Valdis . Kletnieks
Re: Security Advisory for ALL forum services with client-set images Tim Jackson
[Security Bulletin] SSRT4883 rev.3 HP-UX ftp and ftpd remote unauthorized access Boren, Rich (SSRT)
[USN-50-1] CUPS vulnerabilities Martin Pitt
Re: phpBB Worm Anders Henke
[Security Bulletin] SSRT4696 rev.0 - HP Tru64 UNIX TCP Stack Remote Denial of Service (DoS) Boren, Rich (SSRT)
Re: Webmin BruteForce + Command execution - By Di42lo <DiAblo_2 () 012 net il> Martin Mewes
Re: possible local exploit via sendmail with procmail on solaris Jeff Damens
raptor's xmas pack 2004 Marco Ivaldi

Friday, 24 December

[SECURITY] [DSA 618-1] New imlib packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 617-1] New libtiff packages fix arbitrary code execution Martin Schulze
Re: DJB's students release 44 *nix software vulnerability advisories Crispin Cowan
Re: DJB's students release 44 *nix software vulnerability advisories David Wagner
Re: phpBB Worm steve
Re: [USN-52-1] vim vulnerability Liu Die Yu
STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard advisory
Re: Inexcusable weakness in Kmail / GnuPG Simple Nomad
XSS in yacy 0.31 Donato Ferrante
Final Call for Papers & Workshops - BCS Asia 2005 Anthony.zboralski
Re: phpBB Worm Raymond Dijkxhoorn

Saturday, 25 December

Re: phpBB Worm Zeljko Brajdic
CleanCache v2.19: False Sense of Security WBG Links
New Santy-Worm attacks *all* PHP-skripts Juergen Schmidt
new phpBB worm affects 2.0.11 Herman Sheremetyev
New Winhlp32.exe vuln bad_son
PHPBB worm in action Colin Keith
RE: phpBB Worm Chris Ess
Re: Microsoft Windows LoadImage API Integer Buffer overflow Brett Glass
Re: New Santy-Worm attacks *all* PHP-skripts ( Santy.c ? ) K-OTiK Security
Microsoft Internet Explorer SP2 Fully Automated Remote Compromise Paul

Tuesday, 28 December

Multiple Vulnerabilities in Moodle Bartek Nowotarski
MDKSA-2004:158 - Updated samba packages fix integer overflow vulnerabilities Mandrake Linux Security Team
possible error in latest NGS realplayer advisory Marc Bejarano
Did a 16-bit counter overflow shut down Comair? Richard M. Smith
Multiple WHM Autopilot Vulnerabilities GulfTech Security
Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability Marcus Meissner
Remote code execution with parameters withoutu ser interaction, even with XP SP2 ShredderSub7 SecExpert
[HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc included Hat-Squad Security Team
Netcat v1.11 For Windows , New fixed version Hat-Squad Security Team
XSA-2004-7: stack overflow in AIFF demultiplexer Michael Roitzsch
Re: [HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc included Chris Wysopal
KDE Security Advisory: kpdf Buffer Overflow Vulnerability Dirk Mueller
Re: Microsoft Windows LoadImage API IntegerBuffer overflow Berend-Jan Wever

Wednesday, 29 December

php-Calendar File Include Vulnerability [ Command Exec ] GulfTech Security
QNX crrtrap arbitrary file read/write vulnerability [RLSA_06-2004] Julio Cesar Fort
Sanity Worm Concepts Andy Fewtrell
Re: Did a 16-bit counter overflow shut down Comair? Mike Nice
Re: Did a 16-bit counter overflow shut down Comair? Avleen Vig
[CLA-2004:909] Conectiva Security Announcement - netpbm Conectiva Updates
[ GLSA 200412-25 ] CUPS: Multiple vulnerabilities Thierry Carrez
[ GLSA 200412-26 ] ViewCVS: Information leak and XSS vulnerabilities Thierry Carrez
[ GLSA 200412-24 ] Xpdf, GPdf: New integer overflows Thierry Carrez
Heap overflow in Mozilla Browser <= 1.7.3 NNTP code. Maurycy Prodeus

Thursday, 30 December

[SECURITY] [DSA 620-1] New perl packages fix several vulnerabilities Martin Schulze
MDKSA-2004:160 - Updated kdelibs packages fix konqueror email vulnerability Mandrake Linux Security Team
MDKSA-2004:161 - Updated xpdf packages fix buffer overflow vulnerability Mandrake Linux Security Team
KorWeblog php injection Vulnerability Min-sung Choi
NetCat V 1.11 Multiple Bugs CorryL
[SECURITY] [DSA 619-1] New xpdf packages fix arbitrary code execution Martin Schulze
MDKSA-2004:164 - Updated cups packages fix buffer overflow vulnerability Mandrake Linux Security Team
MDKSA-2004:159 - Updated glibc packages fix temporary file vulnerability Mandrake Linux Security Team
Strange Java Loader duffbeer
MDKSA-2004:163 - Updated kdegraphics packages fix buffer overflow vulnerability Mandrake Linux Security Team
MDKSA-2004:165 - Updated koffice packages fix multiple vulnerabilities Mandrake Linux Security Team
Re: Strange Java Loader (not so strange - Trojan.ByteVerify) K-OTiK Security
MDKSA-2004:162 - Updated gpdf packages fix buffer overflow vulnerability Mandrake Linux Security Team
Re: Multiple Vulnerabilities in Moodle Martin Dougiamas
Re: Sanity Worm Concepts Paul Laudanski
MDKSA-2004:166 - Updated tetex packages fix multiple vulnerabilities Mandrake Linux Security Team

Friday, 31 December

SQL Injection Vulnerability In IBProArcade mike bailey
[EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC houseofdabus HOD
ArGoSoft FTP Server reveals valid usernames and allows for brute force attacks steven
Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC Alberto Garcia Hierro
[SECURITY] [DSA 621-1] New CUPS packages fix arbitrary code execution Martin Schulze
Cross Site Scripting DOS (Zyxel B-420 Ethernet Bridge) beniwiedmer
WHM AutoPilot Security Release [ Plus Upgrade Instructions ] GulfTech Security
Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC Steve Friedl