Bugtraq: by author
RSS Feed
About List
All Lists
Previous period
516 messages
starting Apr 14 05 and
ending Apr 13 05
Date index |
Thread index |
Author index
3APA3A
Internet Explorer wininet.dll URL parsing memory corruption technical details 3APA3A (Apr 14)
Adam Back
Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability Adam Back (Apr 07)
Adam Baldwin
Neslo Desktop Rover Remote DoS Vulnerability Adam Baldwin (Apr 20)
Adam n30n Simuntis
artmedic_links5 remote file access exploit Adam n30n Simuntis (Apr 23)
admin
WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05) admin (Apr 25)
Alexander Kornbrust
File appending vulnerability in Oracle Webcache 9i Alexander Kornbrust (Apr 28)
Cross Site Scripting in BEA Admin Console Alexander Kornbrust (Apr 28)
Webcache Client Requests Bypass OHS mod_access Restrictions Alexander Kornbrust (Apr 28)
Cross Site Scripting in Oracle Webcache 9i Adminstrator Application Alexander Kornbrust (Apr 28)
Alex Garrett
APG Classmaster Workstation Windows SMB share access vulnerability Alex Garrett (Apr 21)
Allen Parker
Re: Capital One's website inadvertently assists phishing Allen Parker (Apr 20)
Amit Klein (AKsecurity)
Re: HTTP RESPONSE SPLITTING by Diabolic Crab Amit Klein (AKsecurity) (Apr 18)
Re: Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below Amit Klein (AKsecurity) (Apr 18)
Andreas Constantinides
zOOM Media Gallery - Simple SQL Injection discovery Andreas Constantinides (Apr 13)
Andrew
Microsoft Windows image rendering DoS vuln Andrew (Apr 11)
Andrew Y Ng
Apache hacks (./atac, d0s.txt) Andrew Y Ng (Apr 29)
Anthony Zboralski
BCS Asia 2005 Slides and pictures Anthony Zboralski (Apr 14)
Antoine Martin
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Antoine Martin (Apr 22)
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted Antoine Martin (Apr 23)
Antonio Varni
Re: Security Contact for NetApp ? Antonio Varni (Apr 14)
Arkoon Security Team
Information leak in the Linux kernel ext2 implementation Arkoon Security Team (Apr 01)
Ayaz Ahmed Khan
Announcing PAKCON II (2005)! Ayaz Ahmed Khan (Apr 19)
PAKCON II: Call for Papers (CfP - 2005) Ayaz Ahmed Khan (Apr 19)
Bahaa Naamneh
NetManage RUMBA 7.4 Profile Handling Multiple Buffer Overflow Vulnerabilities Bahaa Naamneh (Apr 13)
Buffer Overflow within the RUMBA product Bahaa Naamneh (Apr 01)
Berend-Jan Wever
Details and PoC for MS05-020 MSIE DHTML Object handling vulnerabilities Berend-Jan Wever (Apr 13)
bert
OSX - trojan apps can bypass authentication controls and gain root privilages bert (Apr 06)
Boren, Rich (SSRT)
[security bulletin] SSRT5954 rev.0 HP-UX TCP/IP Remote Denial of Service (DoS) Boren, Rich (SSRT) (Apr 25)
[Security Bulletin] SSRT5958 rev.0 - HP OpenView Radia Mgmt. Portal (RMP) Radia Mgmt. Agent Remote unauthorized Privileged Access and (DoS) Boren, Rich (SSRT) (Apr 28)
Boyce, Nick
RE: iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability Boyce, Nick (Apr 20)
Braden Thomas
Re: Safari HTTPS Overflow Braden Thomas (Apr 29)
Brett Moore
[WHITEPAPER] Bugger The Debugger Brett Moore (Apr 11)
Bruce Momjian
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Bruce Momjian (Apr 20)
Bruno Wolff III
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Bruno Wolff III (Apr 22)
byte_jump
Re: Discovering and Stopping Phishing/Scam Attacks byte_jump (Apr 27)
c0d3r
ArGoSoft FTP Server is still vuln + PoC exploit code (IHSTeam) c0d3r (Apr 04)
Ecommerce-Carts SQL injection vulnerability ( IHSTeam ) c0d3r (Apr 20)
PMsoftware mini http server remote stack overflow exploit (IHSTeam) c0d3r (Apr 20)
Golden FTP Server Pro remote stack BOF exploit (IHSTeam) c0d3r (Apr 29)
CENSORED
SQL-injections in Invision Power Board v2.0.1 CENSORED (Apr 26)
SQL-injections in koobi-cms CENSORED (Apr 27)
Cesar
- Argeniss - Oracle exploits and workarounds Cesar (Apr 19)
Charles M. Hannum
Security holes in the iTunes Music Store Charles M. Hannum (Mar 31)
chewkeong
[SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability chewkeong (Apr 07)
CIRT.DK Advisory
[CIRT.DK - Advisory] Novell Nsure Audit 1.0.1 Denial of Service CIRT.DK Advisory (Apr 25)
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Vulnerabilities in the Internet Key Exchange Xauth Implementation Cisco Systems Product Security Incident Response Team (Apr 06)
Cisco Security Advisory: Vulnerabilities in Cisco IOS Secure Shell Server Cisco Systems Product Security Incident Response Team (Apr 06)
Clad Strife
Linux vsyscalls may be used as attack vectors Clad Strife (Apr 20)
Linux vsyscalls may be used as attack vectors Clad Strife (Apr 20)
class101 () HAT-SQUAD com
Microsoft Windows Internet Name Service (WINS) Remote Heap Overflow Exploit class101 () HAT-SQUAD com (Apr 04)
Clorox
Centra 7 XSS Exploit Clorox (Apr 12)
Conectiva Updates
[CLA-2005:950] Conectiva Security Announcement - evolution Conectiva Updates (Apr 27)
[CLA-2005:948] Conectiva Security Announcement - squid Conectiva Updates (Apr 27)
[CLA-2005:947] Conectiva Security Announcement - MySQL Conectiva Updates (Apr 20)
[CLA-2005:949] Conectiva Security Announcement - gaim Conectiva Updates (Apr 27)
[CLA-2005:946] Conectiva Security Announcement - MySQL Conectiva Updates (Apr 04)
CorryL
Shoutbox SCRIPT <= 3.0.2 Administrative MD5 Username and Password Retrieval [x0n3-h4ck] CorryL (Apr 20)
MailEnable Smtpd remote Dos [x0n3-h4ck] CorryL (Apr 05)
TowerBlog <= 0.6 Admin Account View [x0n3-h4ck] CorryL (Apr 11)
MailEnable HTTPS Buffer Overflow [x0n3-h4ck] CorryL (Apr 25)
Crispin Cowan
Re: Discovering and Stopping Phishing/Scam Attacks Crispin Cowan (Apr 27)
cybertronic
Yager <= 5.24 Remote Buffer Overflow Exploit cybertronic (Apr 25)
RE: ERNW Security Advisory 01/2005 [ EXPLOIT ] cybertronic (Apr 19)
Snmppd SNMP proxy daemon format string exploit cybertronic (Apr 29)
Damian Put
[Overflow.pl] ImageMagick ReadPNMImage() Heap Overflow Damian Put (Apr 25)
Darren
Re: cPanel/WHM demo account problems Darren (Apr 01)
Darren Reed
Re: Solaris 10 Containers / Zones Security Flaw Darren Reed (Apr 04)
Dave Aitel
Re: [Full-disclosure] [VulnDiscuss] Re: -==phpBB 2.0.14 Multiple Vulnerabilities==-[Scanned] Dave Aitel (Apr 25)
Dave Armstrong
Borland Security Contact Dave Armstrong (Apr 28)
David F. Russell
Re: AW: PayPal "security" measures David F. Russell (Apr 04)
David F. Skoll
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords David F. Skoll (Apr 21)
Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords David F. Skoll (Apr 20)
David Malone
Re: crontab from vixie-cron allows read other users crontabs David Malone (Apr 07)
David Remahl
[DR001] AppleWebKit XMLHttpRequest arbitrary file disclosure vulnerability David Remahl (Apr 16)
David Riley
Re: Safari HTTPS Overflow David Riley (Apr 29)
dcrab
Directory transversal, sql injection and xss vulnerabilities in RadBids Gold v2 dcrab (Apr 11)
Multiple SQL Injections in MetaCart2 for PayPal dcrab (Apr 26)
Authenticaion bypass, Directory transversal and XSS vulnerabilities in PayProCart 3.0 - Profitcode Software dcrab (Apr 04)
Multiple Sql injection vulnerabilities in BK Forum v.4 dcrab (Apr 23)
Multiple SQL Injections in MetaCart2 for SQL Server Special Edition U.K dcrab (Apr 26)
Multiple Sql injection and XSS in Asp Nuke 0.80 (Working exploits included) dcrab (Apr 22)
Multiple Sql injections in phpCoin v1.2.2 and below dcrab (Apr 28)
Multiple multiple sql injection/errors and xss vulnerabilities in OneWorldStore dcrab (Apr 14)
Multiple SQL Injections in MetaBid Auctions dcrab (Apr 26)
Active Auction House has multiple Sql injection, error and XSS vulnerabilities dcrab (Apr 06)
Multiple SQL Injections in MetaCart e-Shop V-8 dcrab (Apr 26)
Multiple SQL Injections in StorePortal 2.63 dcrab (Apr 25)
Require many large corporate emails for contact regarding vulnerability. dcrab (Apr 16)
LiteCommerce Sql injection and reveling errors vulnerability dcrab (Apr 06)
HTTP RESPONSE SPLITTING by Diabolic Crab dcrab (Apr 13)
DUportal Pro 3.4 has MANY Sql injection and Sql Errors. dcrab (Apr 20)
Multiple Sql injection and XSS in CartWIZ ASP Cart dcrab (Apr 23)
Multiple Sql injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules. dcrab (Apr 13)
Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3 dcrab (Apr 08)
AlstraSoft EPay Pro v2.0 has file include and multiple xss vulnerabilities dcrab (Apr 02)
Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below dcrab (Apr 15)
MetaCart2 for PayFlow Multiple Sql Injection Vulnerabilities dcrab (Apr 26)
D.C. van Moolenbroek
Re: index.cgi script XSS + file show D.C. van Moolenbroek (Apr 25)
deluxe
[SePro Bugtraq] WBB - WoltLab Burning Board <= 2.3.1 - XSS Vulnerability (22.04.05) deluxe (Apr 22)
phpBB - Knowledge Base MOD - SQL-Injection and Full Path Disclosure deluxe (Apr 18)
Denis Jedig
Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Denis Jedig (Apr 02)
Derek Martin
Re: gzip TOCTOU file-permissions vulnerability Derek Martin (Apr 14)
Re: gzip TOCTOU file-permissions vulnerability Derek Martin (Apr 13)
Re: gzip TOCTOU file-permissions vulnerability Derek Martin (Apr 14)
Des Ward
Re: Microsoft Explorer Denial of Service Des Ward (Apr 06)
devnull
Re: gzip TOCTOU file-permissions vulnerability devnull (Apr 15)
dila
OpenText FirstClass 8.0 Client Arbitrary File Execution dila (Apr 11)
Dionysios G. Synodinos
Re: Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3 Dionysios G. Synodinos (Apr 12)
Dirk Mueller
[KDE Security Advisory]: kimgio input validation errors Dirk Mueller (Apr 22)
[KDE Security Advisory]: Kommander untrusted code execution Dirk Mueller (Apr 22)
Dmitry Yu. Bolkhovityanov
Re: gzip TOCTOU file-permissions vulnerability Dmitry Yu. Bolkhovityanov (Apr 16)
Donato Ferrante
directory traversal in Yawcam 0.2.5 Donato Ferrante (Apr 21)
dong-hun you
GLD (Greylisting daemon for Postfix) multiple vulnerabilities. dong-hun you (Apr 13)
[INetCop Security Advisory] Snmppd potentially format string vulnerability. dong-hun you (Apr 25)
echo staff
[ECHO_ADV_12$2005] Vulnerabilities in sphpblog echo staff (Apr 15)
Vulnerabilities in sphpblog echo staff (Apr 15)
Eiji James Yoshida
RE: Microsoft Windows Server 2003 "Shell Folders" Directory Traversal Vulnerability Eiji James Yoshida (Apr 02)
Emanuele "z\" Gentili
E-Cart v1.1 Remote Command Execution Vulnerability Emanuele "z\" Gentili (Apr 25)
E-Cart E-Commerce Software EXPLOIT Emanuele "z\" Gentili (Apr 26)
Erich Klaus
Sql Injection in Confixx 3.06 & 3.08 & 3.?? ? Erich Klaus (Apr 25)
Evgeny Pinchuk
MS05-021 Microsoft Exchange X-LINK2STATE Heap Overflow PoC Evgeny Pinchuk (Apr 19)
exploits () nopiracy de
PunBB <= 1.2.4 - change email to become admin exploit exploits () nopiracy de (Apr 09)
Fabrice Marie
Security Contact for NetApp ? Fabrice Marie (Apr 14)
farhad koosha
ACSblog bug farhad koosha (Apr 23)
fireboy fireboy
remote command execution in include.cgi script fireboy fireboy (Apr 25)
remote command execution in citat.pl script fireboy fireboy (Apr 25)
remote command execution in text.cgi script fireboy fireboy (Apr 25)
remote command execution in inserter.cgi script fireboy fireboy (Apr 25)
remote command execution in ad.cgi script fireboy fireboy (Apr 25)
index.cgi script XSS + file show fireboy fireboy (Apr 25)
remote command execution in forum.pl script fireboy fireboy (Apr 25)
hyper.cgi script file show bug fireboy fireboy (Apr 25)
remote command execution in includer.cgi script fireboy fireboy (Apr 25)
Francisco Alisson
All4WWW-Homepagecreator Remote Command Execution Francisco Alisson (Apr 14)
Mafia Blog Francisco Alisson (Apr 15)
myBloggie 2.1.1 Francisco Alisson (Apr 15)
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-05:05.cvs FreeBSD Security Advisories (Apr 22)
FreeBSD Security Advisory FreeBSD-SA-05:03.amd64 FreeBSD Security Advisories (Apr 06)
FreeBSD Security Advisory FreeBSD-SA-05:02.sendfile FreeBSD Security Advisories (Apr 05)
FreeBSD Security Advisory FreeBSD-SA-05:04.ifconf FreeBSD Security Advisories (Apr 15)
Gadi Evron
Re: crontab from vixie-cron allows read other users crontabs Gadi Evron (Apr 07)
drone armies C&C report - March/2005 Gadi Evron (Apr 06)
Gandalf The White
New auto download / install / exploit URL? Gandalf The White (Apr 23)
Geoff Vass
RE: New auto download / install / exploit URL? Geoff Vass (Apr 25)
Gerald Quakenbush
eGroupWare Leaks Files Gerald Quakenbush (Apr 12)
GHC team
Vulnerability in Coppermine Photo Gallery 1.3.* GHC team (Apr 18)
gilbert nzeka
The first open source spyware gilbert nzeka (Apr 18)
Gilbert Verdian
Safari HTTPS Overflow Gilbert Verdian (Apr 28)
GomoR
MS05-019 Windows IP options DoS exploit GomoR (Apr 25)
Göran Sandahl
Re: RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow Göran Sandahl (Apr 22)
Greg Roelofs
XV multiple buffer overflows (update) Greg Roelofs (Apr 11)
GreyMagic Security
File Selection May Lead to Command Execution (GM#015-IE) GreyMagic Security (Apr 19)
GulfTech Security Research
Multiple Security Issues Found In AZBB GulfTech Security Research (Apr 20)
RE: Portcullis Security Advisory 05-012 Ebay Session Riding Vulnerability GulfTech Security Research (Apr 19)
phpBB Notes Mod SQL Injection Vulnerability GulfTech Security Research (Apr 28)
Multiple eGroupware Vulnerabilities GulfTech Security Research (Apr 20)
Multiple ModernBill 4.3.0 And Earlier Vulnerabilities GulfTech Security Research (Apr 11)
Gunter Ollmann (NGS)
New Whitepaper: Stopping Automated Attack Tools Gunter Ollmann (NGS) (Apr 26)
HaCkZaTaN
-==phpBB 2.0.14 Multiple Vulnerabilities==- HaCkZaTaN (Apr 23)
Hat-Squad Security Team
[Hat-Squad Advisory] Bakbone NetVault Heap overflow Vulnerabilities Hat-Squad Security Team (Apr 01)
Hermann Arens
Re: New auto download / install / exploit URL? Hermann Arens (Apr 28)
Hillel Himovich
UBB Thread printthread.php SQL Injection Hillel Himovich (Apr 19)
houseofdabus HOD
ICMP attacks against TCP (Proof-of-Concept code) (MS05-019, CISCO:20050412) houseofdabus HOD (Apr 20)
Hyperdose Security
Trojan file issue in Musicmatch software Hyperdose Security (Apr 14)
Arbitrary file overwrite possible by Musicmatch ActiveX control Hyperdose Security (Apr 15)
Local file detection found through Adobe Reader ActiveX control Hyperdose Security (Apr 23)
Trusted Site Cross Site Scripting Elevation of Privilege in Musicmatch Hyperdose Security (Apr 14)
Improper log file storage in Musicmatch software Hyperdose Security (Apr 15)
iDEFENSE Labs
iDEFENSE Security Advisory 04.25.05: MySQL MaxDB Webtool Remote Lock-Token Stack Overflow Vulnerability iDEFENSE Labs (Apr 26)
iDEFENSE Security Advisory 03.31.05: PHP getimagesize() Multiple Denial of Service Vulnerabilities iDEFENSE Labs (Apr 01)
iDEFENSE Labs Releases dltrace iDEFENSE Labs (Apr 27)
iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability iDEFENSE Labs (Apr 09)
iDEFENSE Security Advisory 04.12.05: Microsoft MSHTA Script Execution Vulnerability iDEFENSE Labs (Apr 12)
iDEFENSE Security Advisory 04.26.05: Citrix Program Neighborhood Agent Arbitrary Shortcut Creation Vulnerability iDEFENSE Labs (Apr 26)
iDEFENSE Labs Releases OllyDbg Breakpoint Manager iDEFENSE Labs (Apr 05)
iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability iDEFENSE Labs (Apr 19)
iDEFENSE Security Advisory 04.12.05: Microsoft Windows CSRSS.EXE Stack Overflow Vulnerability iDEFENSE Labs (Apr 12)
iDEFENSE Security Advisory 04.26.05: Citrix Program Neighborhood Agent Buffer Overflow iDEFENSE Labs (Apr 26)
iDEFENSE Security Advisory 04.06.05: IBM Lotus Domino Server Web Service DoS Vulnerability iDEFENSE Labs (Apr 06)
iDEFENSE Security Advisory 04.25.05: MySQL MaxDB Webtool Remote Stack Overflow Vulnerability iDEFENSE Labs (Apr 26)
iDEFENSE Security Advisory 04.12.05: Microsoft Windows Internet Explorer Long Hostname Heap Corruption Vulnerability iDEFENSE Labs (Apr 12)
iDEFENSE Security Advisory 04.26.05: MySQL MaxDB Webtool Remote 'If' Stack Overflow Vulnerability iDEFENSE Labs (Apr 26)
iDEFENSE Security Advisory 04.12.05: Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability iDEFENSE Labs (Apr 12)
iDEFENSE Security Advisory 04.05.05: Computer Associates eTrust Intrusion Detection System CPImportKey DoS iDEFENSE Labs (Apr 05)
iDEFENSE Security Advisory 04.07.05: SGI IRIX gr_osview Information Disclosure Vulnerability iDEFENSE Labs (Apr 07)
iDEFENSE Security Advisory 04.07.05: SGI IRIX gr_osview File Overwrite Vulnerability iDEFENSE Labs (Apr 07)
Imran Ghory
rpdump TOCTOU file-permissions vulnerability Imran Ghory (Apr 11)
gzip directory traversal vulnerability Imran Ghory (Apr 20)
================================ GNU Core Utilities race condition file-permissions vulnerability ================================ Software: mkdir, mknod, mkfifo Version: Part of GNU Core Utilities 5.2.1 Software URL: <http://www.gnu.org/software/cor Imran Ghory (Apr 11)
gzip TOCTOU file-permissions vulnerability Imran Ghory (Apr 05)
cpio TOCTOU file-permissions vulnerability Imran Ghory (Apr 13)
cpio directory traversal vulnerability Imran Ghory (Apr 20)
IRM Advisories
IRM 011: Sygate,Security Agent (Sygate Secure Enterprise) Fail Open DoS IRM Advisories (Apr 12)
I)ruid
CAU - New Tool: hcraft - HTTP Vuln Request Crafter I)ruid (Apr 19)
jaguar
Annuaire Netref v4.2 [ fwrite php ] vulnerability jaguar (Apr 20)
Janek Vind
[waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3.2 Janek Vind (Apr 20)
[waraxe-2005-SA#041] - Critical Sql Injection in PhpNuke 6.x-7.6 Top module Janek Vind (Apr 06)
Jason Coombs
DHS Security Contact Jason Coombs (Apr 28)
Jason Dodson
Re: Vulnerability kali's tagboard Jason Dodson (Apr 21)
Jason V. Miller
Re: bzip2 TOCTOU file-permissions vulnerability Jason V. Miller (Apr 02)
J B
RE: AW: PayPal "security" measures J B (Apr 04)
Jean-Yves Lefort
multiple remote denial of service vulnerabilities in Gaim Jean-Yves Lefort (Apr 01)
Jeff Moss
Black Hat USA 2005 Reminder CFP closing soon! Jeff Moss (Apr 27)
JeiAr
Double Choco Latte Remote Code Execution JeiAr (Apr 09)
Re: Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below JeiAr (Apr 15)
Jeremy Rasmussen
PayPal "security" measures Jeremy Rasmussen (Apr 01)
Jesse Morgan
Re: Microsoft Windows image rendering DoS vuln Jesse Morgan (Apr 22)
Jesus
Re: Vulnerability kali's tagboard Jesus (Apr 28)
jim allan
Re: Solaris 10 Containers / Zones Security Flaw jim allan (Apr 04)
Solaris 10 Containers / Zones Security Flaw jim allan (Apr 01)
Jim C. Nasby
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Jim C. Nasby (Apr 20)
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Jim C. Nasby (Apr 20)
Jim Knoble
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Jim Knoble (Apr 22)
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Jim Knoble (Apr 21)
Joey Hess
Re: gzip TOCTOU file-permissions vulnerability Joey Hess (Apr 13)
John Cobb
[NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure John Cobb (Apr 06)
RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure John Cobb (Apr 06)
joke0
Re: New auto download / install / exploit URL? joke0 (Apr 26)
Jonathan Katz
Re: Solaris 10 Containers / Zones Security Flaw Jonathan Katz (Apr 02)
Jordi Corrales
Dameware NT Utilities and MiniRemote Control <= 4.9 vulnerability Jordi Corrales (Apr 15)
Joseph Barillari
Capital One's website inadvertently assists phishing Joseph Barillari (Apr 19)
Re: Capital One's website inadvertently assists phishing Joseph Barillari (Apr 20)
Josh Berkus
Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Josh Berkus (Apr 21)
Joshua D. Drake
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Joshua D. Drake (Apr 21)
Joxean Koret
Security contact at sourceforge? Joxean Koret (Apr 28)
Karol Więsek
crontab from vixie-cron allows read other users crontabs Karol Więsek (Apr 06)
KF (Lists)
DMA[2005-0401a] - 'IVT BlueSoleil Directory Transversal' KF (Lists) (Apr 01)
Re: Borland Security Contact KF (lists) (Apr 28)
Re: OSX - trojan apps can bypass authentication controls and gain root privilages KF (lists) (Apr 06)
DMA[2005-0423a] - 'Nokia Affix Bluetooth Integer Underflow' KF (lists) (Apr 25)
'Widcomm BTW (Microsoft Windows BT stack) Directory Transversal' KF (lists) (Apr 13)
Kold
GrayCMS php code injection Kold (Apr 26)
Kozan
Miranda IM and Miranda Installer Let Local Users Execute Arbitrary Code Kozan (Apr 11)
kreon
serendipity SQL Injection vulnerability kreon (Apr 13)
DoKuWiki file-upload vulnerabilities kreon (Apr 12)
lacertosum
WebCT 4.1 vulnerable to XSS attacks lacertosum (Apr 12)
Lance James
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Lance James (Apr 21)
Larry Seltzer
RE: iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability Larry Seltzer (Apr 12)
RE: Microsoft Explorer Denial of Service Larry Seltzer (Apr 06)
lee xiaojun
OpenOffice DOC document Heap Overflow lee xiaojun (Apr 11)
liquid
QuickTime for Windows malformed GIF DoS liquid (Apr 12)
Luca Ercoli
Microsoft Explorer Denial of Service Luca Ercoli (Apr 06)
LG U8120 Mobile Phone Denial of Service Luca Ercoli (Apr 13)
Re: Microsoft Explorer Denial of Service Luca Ercoli (Apr 11)
Luigi Auriemma
In-game server buffer-overflow in Jedi Academy 1.011 Luigi Auriemma (Apr 02)
In-game players kicking in the Quake 3 engine Luigi Auriemma (Apr 02)
Multiple vulnerabilities in Yager 5.24 Luigi Auriemma (Apr 14)
In-game server crash in Call of Duty 1.5b and United Offensive 1.51b Luigi Auriemma (Apr 02)
Luis Alberto Cortes Zavala
Microsoft Windows image rendering DoS vuln Luis Alberto Cortes Zavala (Apr 22)
Luis Fernando
Multiples Full Path Disclosure in php-nuke 7.6 (and below) Luis Fernando (Apr 29)
Luke Macken
[ GLSA 200504-05 ] Gaim: Denial of Service issues Luke Macken (Apr 06)
[ GLSA 200504-06 ] sharutils: Insecure temporary file creation Luke Macken (Apr 07)
Macromedia Security Zone
Macromedia Security Bulletin - ColdFusion MX 6.1 Macromedia Security Zone (Apr 07)
Mailinglists
ERNW Security Advisory 01/2005 Mailinglists (Apr 18)
Maksymilian Arciemowicz
Re: Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3 Maksymilian Arciemowicz (Apr 12)
[SECURITYREASON.COM] phpnuke 7.6 Multiple vulnerabilities in Web_Links Module cXIb8O3.14 Maksymilian Arciemowicz (Apr 07)
[SECURITYREASON.COM] phpnuke 7.6 Multiple vulnerabilities in Downloads Module cXIb8O3.13 Maksymilian Arciemowicz (Apr 07)
[SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12 Maksymilian Arciemowicz (Apr 04)
Mandrakelinux Security Team
MDKSA-2005:069 - Updated gdk-pixbuf packages fix vulnerability Mandrakelinux Security Team (Apr 08)
MDKSA-2005:066 - Updated grip packages fix vulnerability Mandrakelinux Security Team (Apr 02)
MDKSA-2005:065 - Updated ImageMagick packages fix multiple vulnerabilities Mandrakelinux Security Team (Apr 02)
MDKSA-2005:068 - Updated gtk+2.0 packages fix vulnerability Mandrakelinux Security Team (Apr 08)
MDKSA-2005:067 - Updated sharutils packages fix multiple vulnerabilities Mandrakelinux Security Team (Apr 08)
MDKSA-2005:070 - Updated MySQL packages fix vulnerability Mandrakelinux Security Team (Apr 13)
Mandriva Security Team
MDKSA-2005:075 - Updated libcdaudio1 packages fix vulnerability Mandriva Security Team (Apr 21)
MDKSA-2005:074 - Updated gnome-vfs2 packages fix vulnerability Mandriva Security Team (Apr 21)
MDKSA-2005:072 - Updated php packages fix multiple vulnerabilities Mandriva Security Team (Apr 19)
MDKSA-2005:080 - Updated libxpm4 packages fix libXpm vulnerabilities Mandriva Security Team (Apr 29)
MDKSA-2005:079 - Updated perl packages to fix rmtree vulnerability Mandriva Security Team (Apr 29)
MDKSA-2005:077 - Updated cdrecord packages fix vulnerability Mandriva Security Team (Apr 21)
MDKSA-2005:076 - Updated xli packages fix multiple vulnerabilities Mandriva Security Team (Apr 21)
MDKSA-2005:078 - Updated squid packages fix vulnerability Mandriva Security Team (Apr 29)
MDKSA-2005:071 - Updated gaim packages fix multiple vulnerabilities Mandriva Security Team (Apr 14)
MDKSA-2005:073 - Updated cvs packages fix vulnerability Mandriva Security Team (Apr 21)
Marcin "CiNU5" Krupowicz
Sql injection in jPortal version 2.3.1 (module banner) Marcin "CiNU5" Krupowicz (Apr 12)
Sql injection in jPortal version 2.3.1 (module banner) Marcin "CiNU5" Krupowicz (Apr 11)
Marc Schoenefeld
MacOSX Java Runtime Environment Remote Denial-of-Service (DoS) Vulnerability Marc Schoenefeld (Apr 08)
Marcus Meissner
SUSE Security Announcement: PostgreSQL buffer overflow problems (SUSE-SA-2005:027) Marcus Meissner (Apr 20)
SUSE Security Announcement: kernel local privilege escalation (SUSE-SA:2005:021) Marcus Meissner (Apr 04)
SUSE Security Announcement: various KDE security problems (SUSE-SA:2005:022) Marcus Meissner (Apr 11)
SUSE Security Announcement: RealPlayer buffer overflow in RAM file handling (SUSE-SA:2005:026) Marcus Meissner (Apr 20)
SUSE Security Announcement: Mozilla Firefox, Mozilla various security problems (SUSE-SA:2005:028) Marcus Meissner (Apr 27)
Mark Senior
RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Mark Senior (Apr 22)
RE: gzip TOCTOU file-permissions vulnerability Mark Senior (Apr 14)
Markus Stenzel
Re: [bugtraq] Re: Borland Security Contact Markus Stenzel (Apr 29)
Martin Pitt
[USN-107-1] racoon vulnerability Martin Pitt (Apr 05)
[USN-104-1] unshar vulnerability Martin Pitt (Apr 04)
[USN-110-1] Linux kernel vulnerabilities Martin Pitt (Apr 11)
[USN-103-1] Linux kernel vulnerabilities Martin Pitt (Apr 01)
Re: gzip TOCTOU file-permissions vulnerability Martin Pitt (Apr 13)
[USN-106-1] Gaim vulnerabilities Martin Pitt (Apr 05)
[USN-112-1] PHP4 vulnerabilities Martin Pitt (Apr 14)
[USN-111-1] Squid vulnerability Martin Pitt (Apr 14)
[USN-109-1] MySQL vulnerability Martin Pitt (Apr 06)
[USN-105-1] PHP4 vulnerabilities Martin Pitt (Apr 05)
[USN-108-1] GDK vulnerability Martin Pitt (Apr 06)
Martin Schulze
[SECURITY] [DSA 708-1] New PHP3 packages fix denial of service Martin Schulze (Apr 15)
[SECURITY] [DSA 711-1] New info2www packages fix cross-site scripting vulnerability Martin Schulze (Apr 19)
[SECURITY] [DSA 712-1] New geneweb packages fix insecure file operations Martin Schulze (Apr 19)
[SECURITY] [DSA 702-1] New ImageMagick packages fix several vulnerabilities Martin Schulze (Apr 01)
[SECURITY] [DSA 716-1] New gaim packages fix denial of service Martin Schulze (Apr 27)
[SECURITY] [DSA 661-2] New f2c packages fix insecure temporary files Martin Schulze (Apr 20)
[SECURITY] [DSA 706-1] New axel packages fix arbitrary code execution Martin Schulze (Apr 13)
[SECURITY] [DSA 709-1] New libexif packages fix arbitrary code execution Martin Schulze (Apr 15)
[SECURITY] [DSA 718-2] New ethereal packages fix buffer overflow Martin Schulze (Apr 28)
[SECURITY] [DSA 713-1] New junkbuster packages fix several vulnerabilities Martin Schulze (Apr 21)
[SECURITY] [DSA 718-1] New ethereal packages fix buffer overflow Martin Schulze (Apr 28)
[SECURITY] [DSA 715-1] New cvs packages fix unauthorised repository access Martin Schulze (Apr 27)
[SECURITY] [DSA 717-1] New lsh packages fix several vulnerabilities Martin Schulze (Apr 27)
[SECURITY] [DSA 719-1] New prozilla packages fix arbitrary code execution Martin Schulze (Apr 28)
[SECURITY] [DSA 705-1] New wu-ftpd packages fix denial of service Martin Schulze (Apr 04)
[SECURITY] [DSA 707-1] New mysql packages fix several vulnerabilities Martin Schulze (Apr 13)
[SECURITY] [DSA 710-1] New gtkhtml packages fix denial of service Martin Schulze (Apr 18)
[SECURITY] [DSA 703-1] New krb5 packages fix arbitrary code execution Martin Schulze (Apr 01)
[SECURITY] [DSA 704-1] New remstats packages fix several vulnerabilities Martin Schulze (Apr 04)
[SECURITY] [DSA 714-1] New kdelibs packages fix arbitrary code execution Martin Schulze (Apr 26)
[SECURITY] [DSA 701-2] New samba packages fix correct sporadic crash Martin Schulze (Apr 21)
Matthias Geerdsen
[ GLSA 200504-19 ] MPlayer: Two heap overflow vulnerabilities Matthias Geerdsen (Apr 20)
[ GLSA 200504-24 ] eGroupWare: XSS and SQL injection vulnerabilities Matthias Geerdsen (Apr 25)
maty siman
Yet Another Forum.net XSS vulnerabilities maty siman (Apr 02)
Max Cerny
[exploits] phpMyVisites 1.3 local file retrieval Max Cerny (Apr 26)
Max Moser
Sanboxed browsing and authentication credentials Max Moser (Apr 05)
McAllister, Andrew
RE: PayPal "security" measures McAllister, Andrew (Apr 06)
RE: PayPal "security" measures McAllister, Andrew (Apr 04)
Michael Roitzsch
xine security announcement: multiple heap overflows in MMS and Real RTSP streaming clients Michael Roitzsch (Apr 21)
Michael Rueve
AW: PayPal "security" measures Michael Rueve (Apr 04)
Michael Samuel
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted Michael Samuel (Apr 22)
Microsoft Security Response Center
How to Report a Security Vulnerability to Microsoft Microsoft Security Response Center (Apr 09)
mike
Re: AW: PayPal 'security' measures mike (Apr 04)
Mike Fratto
RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Mike Fratto (Apr 22)
RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Mike Fratto (Apr 21)
RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Mike Fratto (Apr 22)
mikx
Firesearching 1 + 2 [Firefox 1.0.2] mikx (Apr 18)
Firelinking [Firefox 1.0.2] mikx (Apr 18)
Mohit Muthanna
OT: Two Factor Authentication on Linux / Mac / Windows Mohit Muthanna (Apr 28)
msdarkflyer
Directoy Traversal Attack in apexec.pl (.%00./-Bug) msdarkflyer (Apr 19)
Next Generation Insight Security Research (NGS Software)
Remote Buffer Overflow in Lotus Domino Next Generation Insight Security Research (NGS Software) (Apr 12)
NGSSoftware Insight Security Research
Patch available for critical Veritas i3 Server vulnerability NGSSoftware Insight Security Research (Apr 13)
Windows kernel overflow fixed NGSSoftware Insight Security Research (Apr 13)
High risk flaw in HP OpenView Radia Management Agent NGSSoftware Insight Security Research (Apr 28)
Sybase ASE Multiple Security Issues (#NISR05042005) NGSSoftware Insight Security Research (Apr 05)
Multiple High Risk flaws fixed in Oracle NGSSoftware Insight Security Research (Apr 13)
Multiple medium risk flaws fixed in new version of PHP (late advisory) NGSSoftware Insight Security Research (Apr 13)
nibbler999
Re: Vulnerability in Coppermine Photo Gallery 1.3.* nibbler999 (Apr 20)
Nicob
Re: New auto download / install / exploit URL? Nicob (Apr 28)
Nicolas Montoza
Possible XSS in User-Agent Nicolas Montoza (Apr 25)
E-Cart v1.1 Remote Command Execution Nicolas Montoza (Apr 23)
WordPress XSS and HTML injection Nicolas Montoza (Apr 12)
Oliver Karow
SonicWALL SOHO/10 - XSS vulnerability Oliver Karow (Apr 04)
OpenPKG
[OpenPKG-SA-2005.006] OpenPKG Security Advisory (mysql) OpenPKG (Apr 20)
[OpenPKG-SA-2005.005] OpenPKG Security Advisory (imapd) OpenPKG (Apr 05)
Oriol Torrent Santiago
phpMyAdmin Cross-site Scripting Vulnerability Oriol Torrent Santiago (Apr 04)
Overflow.pl
[Overflow.pl] Libsafe - Safety Check Bypass Vulnerability Overflow.pl (Apr 15)
[Overflow.pl] GOCR - Multiple vulnerabilities Overflow.pl (Apr 15)
Ovidiu Constantin
Re: BitDefender 8 - Race condition vulnerability Ovidiu Constantin (Apr 25)
pak_ml
RE: Netflix Site may assist Phishing pak_ml (Apr 28)
pasquale minervini
possible privilege escalation on Sco OpenServer 5.0.7 pasquale minervini (Apr 04)
patr0n
Local buffer overflow on Aeon<=0.2a patr0n (Apr 04)
patrick
Re: Microsoft Windows image rendering DoS vuln patrick (Apr 20)
Re: Microsoft Windows image rendering DoS vuln patrick (Apr 21)
Paul J Docherty
Portcullis Security Advisory 05-012 Ebay Session Riding Vulnerability Paul J Docherty (Apr 19)
Paul Laudanski
Re: -==phpBB 2.0.14 Multiple Vulnerabilities==- Paul Laudanski (Apr 25)
Re: Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below Paul Laudanski (Apr 16)
NY sues Spyware Intermix, funded by Tiaa-Cref Paul Laudanski (Apr 28)
Re: [SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12 Paul Laudanski (Apr 12)
Pavel Kankovsky
Re: ================================ GNU Core Utilities race condition file-permissions vulnerability ================================ Software: mkdir, mknod, mkfifo Version: Part of GNU Core Utilities 5. Pavel Kankovsky (Apr 16)
Peachtree Linux Security Team
[PLSN-0002] - Multiple vulnerabilities in Gaim Peachtree Linux Security Team (Apr 22)
[PLSN-0003] - Remote exploits in mplayer Peachtree Linux Security Team (Apr 22)
[PLSN-0002] - Multiple vulnerabilities in Gaim Peachtree Linux Security Team (Apr 21)
[PLSN-0004] - Buffer overflow in PostgreSQL Peachtree Linux Security Team (Apr 21)
[PLSN-0003] - Remote exploits in MPlayer Peachtree Linux Security Team (Apr 22)
[PLSN-0001] - Multiple vulnerabilities in Gaim Peachtree Linux Security Team (Apr 22)
[PLSN-0006] new libexif package available Peachtree Linux Security Team (Apr 26)
[PLSN-0007] new libcdaudio package available Peachtree Linux Security Team (Apr 26)
[PLSN-0001] - Multiple PHP vulnerabilities Peachtree Linux Security Team (Apr 21)
[PLSN-0005] new cvs package available Peachtree Linux Security Team (Apr 26)
Peter J. Holzer
Re: gzip TOCTOU file-permissions vulnerability Peter J. Holzer (Apr 15)
Re: gzip TOCTOU file-permissions vulnerability Peter J. Holzer (Apr 13)
Philippe Oechslin
windux-linux-gui-rainbow-lanman-cracker released Philippe Oechslin (Apr 15)
piker piker
Vulnerability kali's tagboard piker piker (Apr 21)
Piotr Bania
RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow Piotr Bania (Apr 20)
(PAPER) "Vision of danger: The Firefox Greasemonkey" Piotr Bania (Mar 31)
please_reply_to_security
UnixWare 7.1.4 : cdrecord local root exploit please_reply_to_security (Apr 07)
OpenServer 5.0.6 OpenServer 5.0.7 : termsh atcronsh auditsh environment buffer overflows please_reply_to_security (Apr 07)
UnixWare 7.1.4 : libtiff Multiple vulnerabilities please_reply_to_security (Apr 07)
UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : telnet client multiple issues please_reply_to_security (Apr 09)
UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : CDE dtlogin unspecified double free please_reply_to_security (Apr 07)
OpenServer 5.0.6 OpenServer 5.0.7 : cscope local attacker can remove arbitrary files please_reply_to_security (Apr 07)
Pluf
7a69Adv#23 - Jar tool directory transversal vulnerability Pluf (Apr 12)
pokley
runcms/e-xoops 1.1A and below file upload vulnerability pokley (Apr 06)
psz
Re: gzip TOCTOU file-permissions vulnerability psz (Apr 14)
Rafael San Miguel Carrasco
JavaMail allows directory traversal in attachments Rafael San Miguel Carrasco (Apr 12)
Rager, Anton (Anton)
RE: Capital One's website inadvertently assists phishing Rager, Anton (Anton) (Apr 28)
Rainer Duffner
Re: AW: PayPal "security" measures Rainer Duffner (Apr 04)
Randy
Re: Microsoft Windows image rendering DoS vuln Randy (Apr 22)
Ravish Ahuja
RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure Ravish Ahuja (Apr 06)
Reed Arvin
Privilege escalation in BulletProof FTP Server v2.4.0.31 Reed Arvin (Apr 27)
Privilege escalation in BakBone NetVault 7.1 Reed Arvin (Apr 27)
Buffer overflow in KMiNT21 Software Golden FTP Server Pro v2.52 (10.04.2005) Reed Arvin (Apr 27)
Richard Moore
Re: crontab from vixie-cron allows read other users crontabs Richard Moore (Apr 06)
Richard Stanway
RE: Miranda IM and Miranda Installer Let Local Users Execute Arbitrary Code Richard Stanway (Apr 11)
Robert Escue
Re: Solaris 10 Containers / Zones Security Flaw Robert Escue (Apr 02)
rock master
SQL INJECTION in DLMan Pro. PHPBB Mod. rock master (Apr 05)
SQL INJECTION in LinksLinks Pro. PHPBB Mod. rock master (Apr 05)
Rod Taylor
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted Rod Taylor (Apr 21)
Romain Francoise
Re: tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits. Romain Francoise (Apr 28)
Re: tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS. Romain Francoise (Apr 28)
Román Ramírez
Logics Software BS2000 Host to Web Client ALL PLATFORMS Román Ramírez (Apr 05)
Salim Gasmi
Gld 1.5 released (security fix) Salim Gasmi (Apr 13)
Sara Togian
Netflix Site may assist Phishing Sara Togian (Apr 28)
Scott Gifford
Re: gzip TOCTOU file-permissions vulnerability Scott Gifford (Apr 15)
Scott Grayban
insecure user account lam-runtime-7.0.6-2mdk rpm Scott Grayban (Apr 28)
Re: Security contact at sourceforge? Scott Grayban (Apr 28)
Scovetta, Michael V
RE: Possible XSS in User-Agent Scovetta, Michael V (Apr 25)
sebastian
Re: serendipity SQL Injection vulnerability sebastian (Apr 14)
Sebastian Krahmer
SUSE Security Announcement: cvs (SUSE-SA:2005:024) Sebastian Krahmer (Apr 18)
SecuBox fRoGGz
BitDefender 8 - Race condition vulnerability SecuBox fRoGGz (Apr 22)
dBpowerAMP Auxiliary - Abnormal execution SecuBox fRoGGz (Apr 25)
Secure Computer Group
[CAN-2005-1062] Administration protocol abuse allows local/remote password cracking Secure Computer Group (Apr 29)
[CAN-2005-1063] Administration protocol abuse leads to Service and System Denial of Service Secure Computer Group (Apr 29)
security
rsnapshot Security Advisory 001 security (Apr 11)
security curmudgeon
Re: Vulnerability kali's tagboard security curmudgeon (Apr 28)
SecurityReason
Full path disclosure and XSS in PHPNuke SecurityReason (Apr 04)
sh0rtie
Re: PayPal "security" measures sh0rtie (Apr 06)
shadown
ADV: NetTerm's NetFtpd 4.2.2 Buffer Overflow + PoC Exploit shadown (Apr 26)
Shalom Carmel
Disclosure of AS/400 user accounts via the FTP server Shalom Carmel (Apr 04)
Enumeration of AS/400 users and their status via POP3 Shalom Carmel (Apr 15)
Reverse shell using netcat on AS/400 Shalom Carmel (Mar 31)
Canonicalization and directory traversal in iSeries FTP security products Shalom Carmel (Apr 21)
ShineShadow
Multiple vulnerabilities in Argosoft Mail Server 1.8.7.6 ShineShadow (Apr 22)
Sieg Fried
ZRCSA-200501 - Multiple vulnerabilities in Claroline Sieg Fried (Apr 27)
snsadv
[SNS Advisory No.80] nProtect:Netizen Arbitrary File Download Vulnerability snsadv (Apr 25)
sonderling
Mac OS X Cocktail 3.5.4 admin password disclosure sonderling (Apr 29)
Son SonOfLilit
Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Son SonOfLilit (Apr 04)
sp3x
[SECURITYREASON.COM] Full path disclosure and XSS in PHPNuke part 3 sp3x (Apr 05)
SPI Labs
IBM WebSphere Widespread configuration JSP disclosure SPI Labs (Apr 13)
SSC Advisory Notice
Secure Science Corporation Application Software Advisory 055 SSC Advisory Notice (Apr 20)
Status-x
phpBB Upload Script "up.php" Arbitrary File Upload Status-x (Apr 08)
Stephen Frost
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Stephen Frost (Apr 22)
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Stephen Frost (Apr 22)
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Stephen Frost (Apr 21)
Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Stephen Frost (Apr 20)
Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Stephen Frost (Apr 20)
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Stephen Frost (Apr 21)
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Stephen Frost (Apr 21)
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted Stephen Frost (Apr 23)
Steve G
Re: cpio TOCTOU file-permissions vulnerability Steve G (Apr 19)
Steve Grubb
Re: gzip TOCTOU file-permissions vulnerability Steve Grubb (Apr 14)
Re: bzip2 TOCTOU file-permissions vulnerability Steve Grubb (Apr 02)
Re: bzip2 TOCTOU file-permissions vulnerability Steve Grubb (Apr 14)
steven
Discovering and Stopping Phishing/Scam Attacks steven (Apr 26)
Steven M. Christey
Re: SQL-injections in Invision Power Board v2.0.1 Steven M. Christey (Apr 27)
Steve Shockley
Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Steve Shockley (Apr 04)
Stuart Pearson
Microsoft Jet (msjet40.dll) Exploit Stuart Pearson (Apr 11)
Sumy
How to write remote exploits ( V. 1.1) Sumy (Apr 02)
(Paper) Programming: The Heart of Web Security Sumy (Apr 01)
Sune Kloppenborg Jeppesen
[ GLSA 200504-10 ] Gld: Remote execution of arbitrary code Sune Kloppenborg Jeppesen (Apr 13)
[ GLSA 200504-14 ] monkeyd: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Apr 15)
[ GLSA 200504-25 ] Rootkit Hunter: Insecure temporary file creation Sune Kloppenborg Jeppesen (Apr 26)
[ GLSA 200504-17 ] XV: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Apr 19)
[ GLSA 200504-13 ] OpenOffice.Org: DOC document Heap Overflow Sune Kloppenborg Jeppesen (Apr 15)
[ GLSA 200504-23 ] Kommander: Insecure remote script execution Sune Kloppenborg Jeppesen (Apr 22)
[ GLSA 200504-28 ] Heimdal: Buffer overflow vulnerabilities Sune Kloppenborg Jeppesen (Apr 28)
UPDATE: [ GLSA 200504-16 ] CVS: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Apr 22)
[ GLSA 200504-11 ] JunkBuster: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Apr 13)
UPDATE: [ GLSA 200410-10 ] gettext: Insecure temporary file handling Sune Kloppenborg Jeppesen (Apr 22)
[ GLSA 200504-16 ] CVS: Multiple vulnerabilities Sune Kloppenborg Jeppesen (Apr 18)
[ GLSA 200504-26 ] Convert-UUlib: Buffer overflow Sune Kloppenborg Jeppesen (Apr 26)
[ GLSA 200504-22 ] KDE kimgio: PCX handling buffer overflow Sune Kloppenborg Jeppesen (Apr 22)
Team SHATTER
[AppSecInc Team SHATTER Security Advisory] SQL Injection in ALTER_MANUALLOG_CHANGE_SOURCE procedure Team SHATTER (Apr 18)
[AppSecInc Team SHATTER Security Advisory] SQL Injection in CREATE_SCN_CHANGE_SET procedure Team SHATTER (Apr 18)
[AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages Team SHATTER (Apr 18)
[AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_METADATA package Team SHATTER (Apr 18)
[AppSecInc Team SHATTER Security Advisory] Denial of Service in Oracle interMedia Team SHATTER (Apr 18)
Terencentanio Enache
myPHP Forum v3 (possible v1 & 2 also) Identification 'spoof' Terencentanio Enache (Apr 27)
The Dark Tangent
DEF CON - New CTF Organizers chosen! The Dark Tangent (Apr 29)
Theodor Milkov
Re: gzip TOCTOU file-permissions vulnerability Theodor Milkov (Apr 15)
Thierry Carrez
[ GLSA 200504-12 ] rsnapshot: Local privilege escalation Thierry Carrez (Apr 13)
[ GLSA 200504-07 ] GnomeVFS, libcdaudio: CDDB response overflow Thierry Carrez (Apr 11)
UPDATE: [ GLSA 200503-35 ] Smarty: Template vulnerability Thierry Carrez (Apr 11)
[ GLSA 200504-04 ] mit-krb5: Multiple buffer overflows in telnet client Thierry Carrez (Apr 06)
[ GLSA 200504-27 ] xine-lib: Two heap overflow vulnerabilities Thierry Carrez (Apr 27)
[ GLSA 200504-18 ] Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities Thierry Carrez (Apr 19)
[ GLSA 200504-02 ] Sylpheed, Sylpheed-claws: Buffer overflow on message display Thierry Carrez (Apr 02)
[ GLSA 200504-20 ] openMosixview: Insecure temporary file creation Thierry Carrez (Apr 21)
[ GLSA 200504-01 ] telnet-bsd: Multiple buffer overflows Thierry Carrez (Apr 01)
[ GLSA 200504-21 ] RealPlayer, Helix Player: Buffer overflow vulnerability Thierry Carrez (Apr 22)
[ GLSA 200504-15 ] PHP: Multiple vulnerabilities Thierry Carrez (Apr 18)
[ GLSA 200504-03 ] Dnsmasq: Poisoning and Denial of Service vulnerabilities Thierry Carrez (Apr 04)
Thor (Hammer of God)
Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Thor (Hammer of God) (Apr 01)
Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities Thor (Hammer of God) (Apr 04)
Tino Wildenhain
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted Tino Wildenhain (Apr 21)
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Tino Wildenhain (Apr 21)
tom cruise
phpBB datenbank mod has XSS/SQL Injection in the id variable tom cruise (Apr 16)
Pafiledb ACTION Parameter XSS tom cruise (Apr 09)
Tom Lane
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Tom Lane (Apr 20)
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Tom Lane (Apr 20)
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Tom Lane (Apr 20)
Trustix Security Advisor
TSLSA-2005-0011 - kernel Trustix Security Advisor (Apr 05)
TSLSA-2005-0015 - postgresql Trustix Security Advisor (Apr 25)
TSLSA-2005-0013 - cvs Trustix Security Advisor (Apr 21)
Vade 79
tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits. Vade 79 (Apr 26)
tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS. Vade 79 (Apr 26)
sumus[v0.2.2]: (httpd) remote buffer overflow exploit. Vade 79 (Apr 14)
ViPeR
RE: IE - cross site click detection? ViPeR (Apr 27)
IE - cross site click detection? ViPeR (Apr 26)
vorlon
[ GLSA 200504-09 ] Axel: Vulnerability in HTTP redirection handling vorlon (Apr 12)
vuln
[HV-HIGH] Microsoft Jet DB engine vulnerabilities vuln (Mar 31)
WBG Links
Window Washer 6.0: False Sense of Security WBG Links (Apr 12)
Williams, James K
Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup UniversalAgent buffer overflow vulnerability Williams, James K (Apr 14)
Yuri Gushin
[ECL] Windows IP Options DoS POC [ECL] Yuri Gushin (Apr 18)
Zinho
[HSC Security Group] Ocean12 Calendar manager 1.01 SQL injection Zinho (Apr 20)
[HSC Security Group] Comersus v6 Script injection Zinho (Apr 27)
[Hackers Center Security Group] Sqwebmail Http Splitting Vulnerability Zinho (Apr 26)
[HSC Security Group] Ocean12 Mailing List Manager Pro SQL injection Zinho (Apr 28)
zwell zwell
ms05016 POC zwell zwell (Apr 13)