Bugtraq: by date
RSS Feed
About List
All Lists
Previous period
402 messages
starting Nov 01 04 and
ending Nov 30 04
Date index |
Thread index |
Author index
Monday, 01 November
New Whitepaper - "Second-order Code Injection Attacks" Gunter Ollmann
[SECURITY] [DSA 578-1] New mpg123 packages fix arbitrary code execution Martin Schulze
Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? Anton R Ivanov
XDICT Buffer OverRun Vulnerability,funny :-) Sowhat .
[SECURITY] [DSA 579-1] New abiword packages fix arbitrary code execution Martin Schulze
Re: Critical Vulnerability in Altiris Deployment Server architecture Brian Gallagher
p h i s h i n g p h o r p h u n p h o r p h u q u e s a k e http-equiv () excite com
[ GLSA 200411-01 ] ppp: Remote denial of service vulnerability Luke Macken
[USN-13-1] groff utility vulnerability Martin Pitt
[USN-10-1] XML library vulnerabilities Martin Pitt
[USN-14-1] xpdf vulnerabilities Martin Pitt
[SECURITY] [DSA 580-1] New iptables packages fix modprobe failure Martin Schulze
[OpenPKG-SA-2004.045] OpenPKG Security Advisory (mysql) OpenPKG
TSLSA-2004-0055 - multi Trustix Security Advisor
[OpenPKG-SA-2004.050] OpenPKG Security Advisory (libxml) OpenPKG
[OpenPKG-SA-2004.049] OpenPKG Security Advisory (gd) OpenPKG
Internet Explorer HTML Help Control ActiveX Cross Domain/Zone Scripting Vulnerabilities roozbeh afrasiabi
Safari vulnerable to URL spoofing Gilbert Verdian
[ GLSA 200411-02 ] Cherokee: Format string vulnerability Sune Kloppenborg Jeppesen
Tuesday, 02 November
[CLA-2004:881] Conectiva Security Announcement - rsync Conectiva Updates
Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? Henning Brauer
[USN-15-1] lvm10 vulnerability Martin Pitt
[ GLSA 200411-03 ] Apache 1.3: Buffer overflow vulnerability in mod_include Matthias Geerdsen
Medium Risk Vulnerability in WinRAR NGSSoftware Insight Security Research
[SECURITY] [DSA 581-1] New xpdf packages fix arbitrary code execution Martin Schulze
[ GLSA 200411-04 ] Speedtouch USB driver: Privilege escalation vulnerability Luke Macken
Exploiting default exception handler to increase exploit stability on win32 tal zeltzer
Cisco Security Advisory: Vulnerability in Cisco Secure Access Control Server EAP-TLS Authentication Cisco Systems Product Security Incident Response Team
zlib 1.2.2 released Mark Adler
Re: [ GLSA 200411-01 ] ppp: Remote denial of service vulnerability Paul Mackerras
MDKSA-2004:117 - Updated gaim packages fix vulnerability Mandrake Linux Security Team
MDKSA-2004:118 - Updated perl-Archive-Zip packages fix vulnerability Mandrake Linux Security Team
MDKSA-2004:119 - Updated MySQL packages fix multiple vulnerabilities Mandrake Linux Security Team
MDKSA-2004:120 - Updated mpg123 packages fix vulnerability Mandrake Linux Security Team
MDKSA-2004:121 - Updated netatalk packages fix temporary file vulnerability Mandrake Linux Security Team
MDKSA-2004:122 - Updated mod_ssl packages fix information disclosure vulnerability Mandrake Linux Security Team
MDKSA-2004:123 - Updated perl-MIME-tools packages fix vulnerability Mandrake Linux Security Team
Re: New Whitepaper - "Second-order Code Injection Attacks" Crispin Cowan
zlib 1.2.2 released Mark Adler
MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) (fwd) Michal Zalewski
Re: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) morning_wood
Rv: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Elia Florio
[SECURITY] [DSA 582-1] New libxml packages fix arbitrary code execution Martin Schulze
Re: debian dhcpd, old format string bug Javier Fernandez-Sanguino
Re: New Whitepaper - "Second-order Code Injection Attacks" Jeff Williams
Multiple Vulnerabilities in Web Forums Server R00tCr4ck
Microsoft ISA Server Authentication Bypassing Jérôme
URL spoofing bug (with iframes) in Microsoft Internet Explorer (11/02/2004) Benjamin Tobias Franz
[Hat-Squad] SQL injection and XSS Vulnerabilities in HELM Hat-Squad Security Team
RE: New Whitepaper - "Second-order Code Injection Attacks" Gunter Ollmann (NGS)
Wednesday, 03 November
Re: New Whitepaper - "Second-order Code Injection Attacks" Nicolas Gregoire
[CLA-2004:882] Conectiva Security Announcement - squid Conectiva Updates
[USN-16-1] perl vulnerabilities Martin Pitt
[SECURITY] [DSA 583-1] New lvm10 packages fix insecure temporary directory Martin Schulze
[ GLSA 200411-06 ] MIME-tools: Virus detection evasion Thierry Carrez
[ GLSA 200411-05 ] libxml2: Remotely exploitable buffer overflow Thierry Carrez
[ GLSA 200411-07 ] Proxytunnel: Format string vulnerability Thierry Carrez
ERRATA: [ GLSA 200411-01 ] ppp: No denial of service vulnerability Luke Macken
Thursday, 04 November
[CLA-2004:885] Conectiva Security Announcement - apache Conectiva Updates
[CLA-2004:884] Conectiva Security Announcement - gaim Conectiva Updates
[HV-MED] Zip/Linux long path buffer overflow vuln
[CLA-2004:883] Conectiva Security Announcement - subversion Conectiva Updates
[SECURITY] [DSA 584-1] New dhcp packages fix format string vulnerability Martin Schulze
SSC Advisory TSA-052 (Callwave.com) Secure Science Corporation Advisory Notice
[ GLSA 200411-09 ] shadow: Unauthorized modification of account information Matthias Geerdsen
SSC Advisory TSA-052 (Callwave.com) Secure Science Corporation Advisory Notice
[ GLSA 200411-08 ] GD: Integer overflow Thierry Carrez
Re: [ GLSA 200411-09 ] shadow: Unauthorized modification of account information Solar Designer
MDKSA-2004:124 - Updated xorg-x11 packages fix libXpm overflow vulnerabilities Mandrake Linux Security Team
Friday, 05 November
MDKSA-2004:125 - Updated iptables packages fix vulnerability Mandrake Linux Security Team
MDKSA-2004:126 - Updated shadow-utils packages fix security bypass vulnerability Mandrake Linux Security Team
MDKSA-2004:127 - Updated libxml and libxml2 packages fix multiple vulnerabilities Mandrake Linux Security Team
RE: New Whitepaper - "Second-order Code Injection Attacks" Gunter Ollmann (NGS)
Re: debian dhcpd, old format string bug Martin Schulze
Multiple vulnerabilities in Icewarp Web Mail 5.2.8 : New face of old problems. ShineShadow
[USN-18-1] zip vulnerability Martin Pitt
FW: Hacker Group back again, this time claiming to have source code to Cisco PIX firewall Graham, Brian
Re: [Full-Disclosure] [HV-MED] Zip/Linux long path buffer overflow Martin Pitt
TSLSA-2004-0056 - apache Trustix Security Advisor
[FLSA-2004:2076] Updated foomatic package fixes security vulnerability Marc Deslauriers
[USN-17-1] passwd vulnerability Martin Pitt
SSC Advisory TSA-053 (Ureach.com) Secure Science Corporation Advisory Notice
Re: [Full-Disclosure] [HV-MED] Zip/Linux long path buffer overflow Josh Bressers
In-game format string bug in the Lithtech engine Luigi Auriemma
Making distinctions between similar-looking vulnerabilities Steven M. Christey
[SECURITY] [DSA 585-1] New shadow packages fix unintended behaviour Martin Schulze
Saturday, 06 November
UPDATE: [ GLSA 200410-20 ] Xpdf, CUPS: Multiple integer overflows Thierry Carrez
UPDATE: [ GLSA 200410-30 ] GPdf, KPDF, KOffice: Vulnerabilities in included xpdf Thierry Carrez
[ GLSA 200411-10 ] Gallery: Cross-site scripting vulnerability Luke Macken
Resources consumption in 602 Lan Suite 2004.0.04.0909 Luigi Auriemma
[ GLSA 200411-11 ] ImageMagick: EXIF buffer overflow Sune Kloppenborg Jeppesen
[USN-19-1] squid vulnerabilities Martin Pitt
Monday, 08 November
Re: [Full-Disclosure] MSIE src&name property disclosure Michal Zalewski
[SECURITY] [DSA 587-1] New freeam packages fix arbitrary code execution Martin Schulze
[ GLSA 200411-13 ] Portage, Gentoolkit: Temporary file vulnerabilities Sune Kloppenborg Jeppesen
MSIE src&name property disclosure Berend-Jan Wever
[SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability in Samba 3.0.x <= 3.0.7 Gerald (Jerry) Carter
DOS against Java JNDI/DNS Kurt Huwig
Microsoft Internet Explorer permits to examine the existence of local files Benjamin Tobias Franz
[SECURITY] [DSA 588-1] New gzip packages fix insecure temporary files Martin Schulze
Re: [Full-Disclosure] MSIE src&name property disclosure Dave Aitel
Offline WPA-PSK auditing tool (coWPAtty) Joshua Wright
Re: [Full-Disclosure] MSIE src&name property disclosure Paul Schmehl
Re: [Full-Disclosure] MSIE src&name property disclosure Michal Zalewski
[ GLSA 200411-15 ] OpenSSL, Groff: Insecure tempfile handling Thierry Carrez
up-imapproxy DoS vulnerabilities Timo Sirainen
[ GLSA 200411-12 ] zgv: Multiple buffer overflows Luke Macken
[ GLSA 200411-14 ] Kaffeine, gxine: Remotely exploitable buffer overflow Luke Macken
[HV-LOW] Symantec LiveUpdate issues may cause DoS vuln
[SECURITY] [DSA 586-1] New ruby packages fix denial of service Martin Schulze
Re: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Menashe Eliezer
[CLA-2004:888] Conectiva Security Announcement - libtiff3 Conectiva Updates
Tuesday, 09 November
[CLA-2004:886] Conectiva Security Announcement - xpdf Conectiva Updates
MDKSA-2004:128 - Updated ruby packages fix remote DoS vulnerability Mandrake Linux Security Team
Evidence Mounts that the Vote Was Hacked Atom 'Smasher'
BoF in Windows 2000: ddeshare.exe Jack C
Vulnerabilities in JAF CMS y3dips
[SECURITY] [DSA 590-1] New gnats packages fix arbitrary code execution Martin Schulze
Re: New URL spoofing bug in Microsoft Internet Explorer roozbeh afrasiabi
[USN-20-1] Ruby CGI module vulnerability Martin Pitt
Re: [HV-LOW] Symantec LiveUpdate issues may cause DoS secure
Re: BoF in Windows 2000: ddeshare.exe Berend-Jan Wever
Security Contact for T-Mobile? Jake Appelbaum
[SECURITY] [DSA 589-1] New libgd1 packages fix arbitrary code execution Martin Schulze
Re: Update: Web browsers - a mini-farce (MSIE gives in) Heikki Kortti
[SECURITY] [DSA 591-1] New libgd2 packages fix arbitrary code execution Martin Schulze
EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service Marc Maiffret
[ GLSA 200411-17 ] mtink: Insecure tempfile handling Sune Kloppenborg Jeppesen
Re: Evidence Mounts that the Vote Was Hacked Jay D. Dyson
Re: BoF in Windows 2000: ddeshare.exe Valdis . Kletnieks
[ GLSA 200411-16 ] zip: Path name buffer overflow Sune Kloppenborg Jeppesen
Wednesday, 10 November
Linux ELF loader vulnerabilities Paul Starzetz
Multiple Vulnerabilities in WebCalendar Joxean Koret
[SquirrelMail Security Advisory] Cross Site Scripting in encoded text Jonathan Angliss
Nortel Networks Contivity VPN Client information leakage vulnerability Network Intelligence (I) Pvt. Ltd.
BNC 2.8.9 remote buffer overflow LSS Security
Cisco Security Advisory: Cisco IOS DHCP Blocked Interface Denial-of-Service Cisco Systems Product Security Incident Response Team
Re: BoF in Windows 2000: ddeshare.exe J. S. Connell
Re: Evidence Mounts that the Vote Was Hacked Jay D. Dyson
Security Contact Info for IPSWITCH Tom
Re: Evidence Mounts that the Vote Was Hacked Jei
Unsecure Ftpd on HP PSC 2510 Printer Justin Rush
04WebServer Three Vulnerabilities Jérôme
Re: Nortel Networks Contivity VPN Client information leakage vulnerability Quincy Jackson
Re: Evidence Mounts that the Vote Was Hacked bkfsec
Hotfoon Ver 4.0 Highv Risk saudi linux
Re: Evidence Mounts that the Vote Was Hacked Atom 'Smasher'
Re: Evidence Mounts that the Vote Was Hacked Rick Crelia
Re: Evidence Mounts that the Vote Was Hacked Peter Conrad
Thursday, 11 November
Re: Linux ELF loader vulnerabilities Ted Percival
SQL injection in vBulletin forums (last10.php) Dr. Death
Cisco Security Advisory: Crafted Timed Attack Evades Cisco Security Agent Protections Cisco Systems Product Security Incident Response Team
[CLA-2004:889] Conectiva Security Announcement - sasl2 Conectiva Updates
Re: [Full-Disclosure] Re: Linux ELF loader vulnerabilities Jirka Kosina
[ GLSA 200411-20 ] ez-ipupdate: Format string vulnerability Sune Kloppenborg Jeppesen
Zone Labs IMsecure Active Link Filter Bypass Kurczaba Associates advisories
[ GLSA 200411-19 ] Pavuk: Multiple buffer overflows Luke Macken
[waraxe-2004-SA#037 - Sql injection bug in Phorum 5.0.12 and older versions] Janek Vind
[ GLSA 200411-18 ] Apache 2.0: Denial of Service by memory consumption Matthias Geerdsen
Re: New URL spoofing bug in Microsoft Internet Explorer http-equiv () excite com
[ GLSA 200411-22 ] Davfs2, lvm-user: Insecure tempfile handling Sune Kloppenborg Jeppesen
[USN-21-1] libgd vulnerabilities Martin Pitt
security hole (http response splitting) in phpwebsite Maestro De-Seguridad
[USN-22-1] samba vulnerability Martin Pitt
RE: Norton AntiVirus Script Blocking Exploit -- Symantec's response Daniel Milisic
RE: Evidence Mounts that the Vote Was Hacked David Hayden
Re: Evidence Mounts that the Vote Was Hacked Jake Appelbaum
Re: Linux ELF loader vulnerabilities Pavel Kankovsky
Contact in HP related to OpenView / Coda Noam Rathaus
Friday, 12 November
Re: Unsecure Ftpd on HP PSC 2510 Printer Lawrence MacIntyre
Unofficial Internet Explorer FRAME/IFRAME fix Thomas Rogg
[ GLSA 200411-21 ] Samba: Remote Denial of Service Matthias Geerdsen
[USN-23-1] apache2 vulnerability Martin Pitt
[USN-24-1] openssl script vulnerability Martin Pitt
Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems Gregory Duchemin
[SECURITY] [DSA 592-1] New ez-ipupdate packages fix format string vulnerability Martin Schulze
Re: Linux ELF loader vulnerabilities Jirka Kosina
Vulnerability not with vBulletin Kier Darby
Re: Unsecure Ftpd on HP PSC 2510 Printer KF_lists
Re: Unsecure Ftpd on HP PSC 2510 Printer Lawrence MacIntyre
Re: Unsecure Ftpd on HP PSC 2510 Printer KF_lists
Re: Unsecure Ftpd on HP PSC 2510 Printer Lawrence MacIntyre
Sudo version 1.6.8p2 now available (fwd) je
Crash in Secure Network Messenger 1.4.2 Luigi Auriemma
SQL Injection in phpBT (bug.php) jessica soules
phpBB Code EXEC (v2.0.10) jessica soules
Saturday, 13 November
Eudora 6.2 attachment spoof Paul Szabo
TWiki search function allows arbitrary shell command execution Hans Ulrich Niedermann
IPSwitch-IMail-8.13 Stack Overflow in the DELETE Command Jérôme
SQL Injection in phpBT (bug.php - Add) Jérôme
SQL Injection in phpBT (bug.php) add project jessica soules
Multiple XSS holes in TheFaceBook Alex Lanstein
Re: Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems 3APA3A
Re: Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems Gregory Duchemin
Monday, 15 November
Format string bug in Army Men RTS Luigi Auriemma
[SNS Advisory No.79] A Possibility of Cookie Overwrite in Microsoft Internet Explorer Jérôme
Multiple vulnerabilities in Hired Team: Trial (Shine engine) Luigi Auriemma
Re: 04WebServer Three Vulnerabilities chewkeong
Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow Stefan Esser
XSS in TheFaceBook round 2 Alex Lanstein
iDEFENSE Security Advisory 11.15.04: Multiple Security Vulnerabilities in Fcron customer service mailbox
SUSE Security Announcement: samba (SUSE-SA:2004:040) Marcus Meissner
[SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd Gerald (Jerry) Carter
[USN-25-1] libgd2 vulnerability Martin Pitt
Re: Crash in Secure Network Messenger 1.4.2 r`Futile
Google Desktop Search ignores Preferences Elliott Bäck
Tuesday, 16 November
Skype callto:// BoF technical details Berend-Jan Wever
Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution Florian Weimer
[SECURITY] [DSA 593-1] New imagemagick packages fix arbitrary code execution Martin Schulze
[ GLSA 200411-24 ] BNC: Buffer overflow vulnerability Sune Kloppenborg Jeppesen
Flaws in SP2 security features, part II Juergen Schmidt
TSLSA-2004-0058 - multi Trustix Security Advisor
[waraxe-2004-SA#038 - Multiple vulnerabilities in Event Calendar module for PhpNuke] Janek Vind
Re: New URL spoofing bug in Microsoft Internet Explorer q q
Re: Skype callto:// BoF technical details Fabian Becker
Airport x-ray software creating images of phantom weapons? Jason Coombs
Re: Skype callto:// BoF technical details Berend-Jan Wever
[ GLSA 200411-23 ] Ruby: Denial of Service issue Thierry Carrez
Wednesday, 17 November
[SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution Martin Schulze
[ GLSA 200411-25 ] SquirrelMail: Encoded text XSS vulnerability Sune Kloppenborg Jeppesen
Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ
SUSE Security Announcement: xshared, XFree86-libs, xorg-x11-libs (SUSE-SA:2004:041) Thomas Biege
MDKSA-2004:135 - Updated apache2 packages fix request DoS Mandrake Linux Security Team
Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities Stefan Esser
[USN-26-1] bogofilter vulnerability Martin Pitt
[USN-27-1] libxpm4 vulnerability Martin Pitt
MDKSA-2004:132 - Updated gd packages fix integer overflows Mandrake Linux Security Team
[USN-28-1] sudo vulnerability Martin Pitt
MDKSA-2004:134 - Updated apache packages fix buffer overflow in mod_include Mandrake Linux Security Team
RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch. rexolab
[ GLSA 200411-26 ] GIMPS, SETI@home, ChessBrain: Insecure installation Sune Kloppenborg Jeppesen
MDKSA-2004:133 - Updated sudo packages fix vulnerability Mandrake Linux Security Team
RE: New URL spoofing bug in Microsoft Internet Explorer Michael Silk
Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.) Jerome ATHIAS
Thursday, 18 November
Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch. Hans-Bernhard Broeker
FreeBSD Security Advisory FreeBSD-SA-04:16.fetch FreeBSD Security Advisories
[CLA-2004:890] Conectiva Security Announcement - libxml2 Conectiva Updates
EXEC exploit in phpBB - fix Paul S. Owen
[CLA-2004:892] Conectiva Security Announcement - MySQL Conectiva Updates
[MaxPatrol] SQL-injection in Invision Power Board 2.x Alexander Anisimov
AppServ 2.5.x and Prior Exploit saudi linux
Re: Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.) Rafael San Miguel Carrasco
Buffer overlow in DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 and prior versions. Reed Arvin
[USN-29-1] samba vulnerability Martin Pitt
Re: Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.) Robert Hetzler
[ GLSA 200411-27 ] Fcron: Multiple vulnerabilities Luke Macken
[USN-30-1] Linux kernel vulnerabilities Martin Pitt
RE: EXEC exploit in phpBB - fix Ron Brinker
A Brief Analysis of Bofra/MyDoom.AG/AH Bryan Burns
Friday, 19 November
Apache 2.0.52 DoS Exploit v2 Daniel Guido
Inofficial updates to 758884/NISCC/DNS Roy Arends
Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch. rexolab
Privilege escalation in Mailtraq Version 2.6.1.1677. Reed Arvin
SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit Jérôme ATHIAS
Corsaire Security Advisory - Danware NetOp Host multiple information disclosure issues advisories
Zone Labs Ad-Blocking Instability Nicolas Robillard
Zone Labs Security Advisory: Ad-Blocking Instability Zone Labs Product Security
Java Vulnerabilities in Opera 7.54 Marc Schoenefeld
EXEC exploit in phpBB - new release Paul S. Owen
Privilege escalation flaw in AClient Service for Windows (Version 5.6.181). Reed Arvin
MDKSA-2004:136 - Updated samba packages fix remote vulnerability Mandrake Linux Security Team
SecurityForest - Public Release #1 loni
FreeBSD Security Advisory FreeBSD-SA-04:16.fetch security-advisories
Corsaire Security Advisory - Netopia Timbuktu remote buffer overflow issue advisories
Addendum, recent Linux <= 2.4.27 vulnerabilities Paul Starzetz
[ GLSA 200411-28 ] X.Org, XFree86: libXpm vulnerabilities Thierry Carrez
Microsoft Internet Explorer 6 SP2 Vulnerabilities / Full disclosure Vs. Security by Obscurity... K-OTiK Security
[ GLSA 200411-29 ] unarj: Long filenames buffer overflow and a path traversal vulnerability Thierry Carrez
TWiki exploit (search.pm / CAN-2004-1037) Roman Medina-Heigl Hernandez
Saturday, 20 November
Re: SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit security curmudgeon
IpbProArace 2.5.x SQL injection. axl daivy
[ECL] WCI TC-IDE embedded linux vulnerabilities ECL team
Re: SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit Jerome ATHIAS
Monday, 22 November
CoffeeCup FTP Clients Buffer Overflow Vulnerability Komrade
TSLSA-2004-0061 - multi Trustix Security Advisor
WeOnlyDo! COM Ftp DELUXE ActiveX Control Buffer Overflow Vulnerability Komrade
Changes to the filesystem while find is running - comments? James Youngman
Broadcast client crash in Halo 1.05 Luigi Auriemma
GFHost PHP GMail remote command execution exploit that achieves webserver id privileges Jerome ATHIAS
Re: Changes to the filesystem while find is running - comments? Dmitry V. Levin
Router ZyXEL Prestige 650 HW http remote admin. José
PHPKIT SQL Injection, XSS Steve
iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrary Package Access Vulnerability customer service mailbox
[SIG^2 G-TEC] Prevx Home v1.0 Instrusion Prevention Features Can Be Disabled by Direct Service Table Restoration chewkeong
Re: Changes to the filesystem while find is running - comments? Martin Buchholz
Tuesday, 23 November
Hardware support for XP SP2 DEP not enabled by default ? Nicolas RUFF
Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities Stefan Esser
Winamp - Buffer Overflow In IN_CDDA.dll Brett Moore
MDKSA-2004:137 - Updated libxpm4 packages fix libXpm vulnerabilities Mandrake Linux Security Team
Re: Changes to the filesystem while find is running - comments? Martin Buchholz
[ GLSA 200411-30 ] pdftohtml: Vulnerabilities in included Xpdf Thierry Carrez
Fotolog.net cross-site scripting vulnerabilities [RLSA_05-2004] Jerome ATHIAS
[ GLSA 200411-31 ] ProZilla: Multiple vulnerabilities Thierry Carrez
Re: Changes to the filesystem while find is running - comments? Paul Szabo
echalk vuln kevin anonymous
IPFront - Release Hernan Racciatti
RE: iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrar y Package Access Vulnerability Sherlock, Nathan
Re: Changes to the filesystem while find is running - comments? James Youngman
Re: Changes to the filesystem while find is running - comments? James Youngman
MDKSA-2004:137 - Updated libxpm4 packages fix libXpm vulnerabilities Mandrake Linux Security Team
Broadcast memory corruption in Soldier of Fortune II 1.03 Luigi Auriemma
Re: Changes to the filesystem while find is running - comments? Paul Szabo
Re: Changes to the filesystem while find is running - comments? Paul Szabo
Re: Changes to the filesystem while find is running - comments? Martin Buchholz
RE: iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrar y Package Access Vulnerability Randal, Phil
Sun Java Plugin arbitrary package access vulnerability Jouko Pynnonen
Re: Changes to the filesystem while find is running - comments? Martin Buchholz
[CLA-2004:894] Conectiva Security Announcement - shadow-utils Conectiva Updates
Re: Changes to the filesystem while find is running - comments? James Youngman
Re: Sun Java Plugin arbitrary package access vulnerability Ken S
Windows Mobile Pocket PC Security kers0r
Incorrect reporting of the Bofra/The Register exploit matt
Re: Router ZyXEL Prestige 650 HW http remote admin. Hugo van der Kooij
MDKSA-2004:138 - Updated XFree86 packages fix libXpm vulnerabilities Mandrake Linux Security Team
Re: Changes to the filesystem while find is running - comments? James Youngman
Wednesday, 24 November
MDKSA-2004:138 - Updated XFree86 packages fix libXpm vulnerabilities Mandrake Linux Security Team
SecureCRT - Remote Command Execution Brett Moore
[CLA-2004:896] Conectiva Security Announcement - bugzilla Conectiva Updates
Re: [SIG^2 G-TEC] Prevx Home v1.0 Instrusion Prevention Features Can Be Disabled by Direct Service Table Restoration dullien
STG Security Advisory: [SSA-20041122-10] KorWeblog directory traversal vulnerability advisory
Re: Incorrect reporting of the Bofra/The Register exploit Florian Laws
[SECURITY] [DSA 596-1] New sudo packages fix privilege escalation Martin Schulze
[SECURITY] [DSA 596-2] New sudo packages removes debug output Martin Schulze
Re: Changes to the filesystem while find is running - comments? Martin Buchholz
Re: Changes to the filesystem while find is running - comments? Casper . Dik
Limited buffer-overflow and arbitrary memory access in Star Wars Battlefront 1.11 Luigi Auriemma
[SECURITY] [DSA 595-1] New bnc packages arbitrary code execution Martin Schulze
STG Security Advisory: [SSA-20041122-09] cscope insecure temp file creation vulnerability advisory
[USN-31-1] cyrus21-imapd vulnerabilities Martin Pitt
Re: Changes to the filesystem while find is running - comments? devnull
Re: Router ZyXEL Prestige 650 HW http remote admin. Steve Clement
STG Security Advisory: [SSA-20041122-11] JSPWiki XSS vulnerability advisory
Re: Changes to the filesystem while find is running - comments? Casper . Dik
Prozilla Remote Exploit Serkan Akpolat
[ GLSA 200411-33 ] TWiki: Arbitrary command execution Sune Kloppenborg Jeppesen
Thursday, 25 November
[SIG^2 G-TEC] CMailServer WebMail v5.2 Multiple Vulnerabilities chewkeong
Re: [SIG^2 G-TEC] Prevx Home v1.0 Instrusion Prevention Features Can Be Disabled by Direct Service Table Restoration Ralph Harvey
STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability advisory
Re: Router ZyXEL Prestige 650 HW http remote admin. Laurent Papier
Re: Changes to the filesystem while find is running - comments? James Youngman
XSS in Brazilian Insite products Carlos Ulver
Re: Sun Java Plugin arbitrary package access vulnerability Ken S
MSIE flaws: nested array sort() loop Stack overflow exception Berend-Jan Wever
[SECURITY] [DSA 598-1] New yardradius packages fix arbitrary code execution Martin Schulze
FIREFOX flaws: nested array sort() loop Stack overflow exception Berend-Jan Wever
Atari800 - local root. Adam Zabrocki
[ GLSA 200411-34 ] Cyrus IMAP Server: Multiple remote vulnerabilities Thierry Carrez
[USN-32-1] mysql vulnerabilities Martin Pitt
EZshopper is still vulnerable against Directory Traversal. Zero_X www . lobnan . de Team
Re: [Full-Disclosure] Re: Sun Java Plugin arbitrary package access vulnerability Exchange
Re: Liferay Cross Site Scripting Flaw michael young
Re: Sun Java Plugin arbitrary package access vulnerability Peter Greenwood
Re: Sun Java Plugin arbitrary package access vulnerability Alla Bezroutchko
Remote buffer overflow in MailEnable IMAP service [Hat-Squad Advisory] Jerome ATHIAS
Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception Heikki Toivonen
Rumours about Opera Marc Schoenefeld
Friday, 26 November
[SECURITY] [DSA 599-1] New tetex-bin packages fix arbitrary code execution Martin Schulze
[ GLSA 200411-32 ] phpBB: Remote command execution Sune Kloppenborg Jeppesen
Jabberd2.x remote BuffJabberd2.x remote Buffer Overflowser Overflows icbm
Buffer Overflow in Open Dc Hub 0.7.14 Donato Ferrante
[CLA-2004:899] Conectiva Security Announcement - samba Conectiva Updates
[SECURITY] [DSA 597-1] New cyrus-imapd packages fix arbitrary code execution Martin Schulze
Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched] Brett Moore
Saturday, 27 November
MDKSA-2004:139 - Updated cyrus-imapd packages fix multiple vulnerabilities Mandrake Linux Security Team
MDKSA-2004:140 - Updated a2ps packages fix vulnerability Mandrake Linux Security Team
MDKSA-2004:141 - Updated zip packages fix vulnerability Mandrake Linux Security Team
Re: MSIE flaws: nested array sort() loop Stack overflow exception isno
RE: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched] alex cottle
Re: Atari800 - local root. (fwd) Petr Stehlik
Re: STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability Chris Withers
phpCMS <= 1.2.1 Xss Vulnerability, Information disclosure Cyrille Barthelemy
php 4.3.7 memory limit POC exploit Gyan chawdhary
FluxBox crash vulnerability Quith
PnTresMailer code browser 6.03 Vulnerabilities John Cobb
Phpbb id: 10701 update and Attachmodule add-on Directory Traversal zee
Re: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched] K-OTiK Security
Java version downgrading proof-of-concept auto333584
Immunity, Inc Advisor Nicolas Waisman
[ GLSA 200411-35 ] phpWebSite: HTTP response splitting vulnerability Matthias Geerdsen
[CLA-2004:900] Conectiva Security Announcement - sun-jre Conectiva Updates
[ GLSA 200411-36 ] phpMyAdmin: Multiple XSS vulnerabilities Luke Macken
Setiri + Invisible browsers != browsers Haroon Meer
Sunday, 28 November
Microsoft Help ActiveX Control Related Topics Local Content Accessing Vulnerability Paul
Monday, 29 November
[OpenPKG-SA-2004.051] OpenPKG Security Advisory (imapd) OpenPKG
Macromedia provided wrong "Solution" in mpsb02-08 Liu Die Yu
ncpfs buffer overflow Karol Więsek
[SECURITY] [DSA 601-1] New libgd1 packages fix arbitrary code execution Martin Schulze
Buffer-overflow in Orbz 2.10 Luigi Auriemma
Multiple buffer overlows in WS_FTP Server Version 5.03, 2004.10.14. Reed Arvin
[ GLSA 200411-38 ] Sun and Blackdown Java: Applet privilege escalation Sune Kloppenborg Jeppesen
Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038 Liu Die Yu
[SECURITY] [DSA 602-1] New libgd2 packages fix arbitrary code execution Martin Schulze
Privilege escalation flaw in MDaemon 7.2. Reed Arvin
Password Disclosure for SMB Shares in KDE's Konqueror Daniel Fabian
TSL-2004-0063 - multi Trustix Security Advisor
Tuesday, 30 November
Players overflow in Serious engine UDP (was Alpha Black Zero, 29 Sep 2004) Luigi Auriemma
Linux Netwosix NEPOTE Updated! Vincenzo Ciaglia
[SHK-001]Payflow Link Default Config may lead to Hidden Field Modification M. Shirk
MDKSA-2004:137-1 - Updated libxpm4 packages correct issues with previous update Mandrake Linux Security Team
Re: Privilege escalation flaw in MDaemon 7.2. kf_lists
CuteFTP 6.0 Professional Remote Buffer Overflow Vulnerability Hongzhen Zhou
Endless loops in the http-server and pna-proxy modules of Jana server 2.4.4 Luigi Auriemma