Bugtraq: by date
RSS Feed
About List
All Lists
Previous period
383 messages
starting Jan 01 05 and
ending Jan 31 05
Date index |
Thread index |
Author index
Saturday, 01 January
Jacks FormMail.php remote file access vulnerability Hack Hawk
Windows Media files allow opening any url in Internet Explorer Berend-Jan Wever
Windows LoadImage API Heapoverflow exploit Berend-Jan Wever
7a69Adv#17 - Internet Explorer FTP download path disclosure Albert Puigsech Galicia
Various Vulnerabilities in OWL Intranet Engine Joxean Koret
Cross Site Scripting Vulnerabilities and Possible Code Execution in SugarCRM Joxean Koret
Two Vulnerabilities in ViewCVS Joxean Koret
Monday, 03 January
[SECURITY] [DSA 622-1] New htmlheadline package fixes insecure temporary files Martin Schulze
Remote DoS in GFI MailEssentials due to a bug in Microsoft HTML parser Peter Kruse
STG Security Advisory: [SSA-20041224-21] File extensions restriction bypass vulnerability in GNUBoard advisory
Multiple Vulnerabilities in FlatNuke Pierquinto Manco
Multiple Firewall Products Bypass Vulnerability Ferruh Mavituna
Tuesday, 04 January
3Com 3CDaemon Multiple Vulnerabilities Sowhat .
Serious Vulnerabilities In PhotoPost ReviewPost GulfTech Security
[SECURITY] [DSA 623-1] New nasm packages fix arbitrary code execution Martin Schulze
Multiple PhotoPost Pro Vulnerabilities GulfTech Security
[KDE Security Advisory] ftp kioslave command injection Dirk Mueller
MyBB SQL Injection scottm
Socket termination, format string and XSS in Soldner Secret Wars 30830 Luigi Auriemma
QWikiwiki directory traversal vulnerability Madelman
Wednesday, 05 January
[SECURITY] [DSA 624-1] New zip packages fix arbitrary code execution Martin Schulze
[ GLSA 200501-04 ] Shoutcast Server: Remote code execution Luke Macken
[CLA-2005:910] Conectiva Security Announcement - mplayer Conectiva Updates
[SECURITY] [DSA 625-1] New pcal packages fix arbitrary code execution Martin Schulze
[ GLSA 200501-01 ] LinPopUp: Buffer overflow in message reply Thierry Carrez
[ GLSA 200501-02 ] a2ps: Insecure temporary files handling Thierry Carrez
[ GLSA 200501-03 ] Mozilla, Firefox, Thunderbird: Various vulnerabilities Thierry Carrez
DMA[2005-0103a] - 'William LeFebvre "top" format string vulnerability' KF (Lists)
IBM DB2 db2fmp buffer overflow (#NISR05012005A) NGSSoftware Insight Security Research
Paper: SQL Injection Attacks by Example Steve Friedl
IBM DB2 libdb2.so buffer overflow (#NISR05012005B) NGSSoftware Insight Security Research
IBM DB2 call buffer overflow (#NISR05012005C) NGSSoftware Insight Security Research
IBM DB2 JDBC Applet Server buffer overflow (#NISR05012005D) NGSSoftware Insight Security Research
IBM DB2 SATADMIN.SATENCRYPT buffer overflow (#NISR05012005E) NGSSoftware Insight Security Research
IBM DB2 Windows Permission Problems (#NISR05012005F) NGSSoftware Insight Security Research
IBM DB2 to_char and to_date Denial Of Service (#NISR05012005G) NGSSoftware Insight Security Research
RE: Paper: SQL Injection Attacks by Example David Litchfield
IBM DB2 XML functions overflows (#NISR05012005H) NGSSoftware Insight Security Research
IBM DB2 XML functions file creation vulnerabilities (#NISR05012005I) NGSSoftware Insight Security Research
RE: Paper: SQL Injection Attacks by Example Scovetta, Michael V
Re: Paper: SQL Injection Attacks by Example Chip Andrews
RE: Paper: SQL Injection Attacks by Example Michael Silk
Re: Paper: SQL Injection Attacks by Example Cory Foy
RE: Paper: SQL Injection Attacks by Example David Litchfield
[ GLSA 200501-05 ] mit-krb5: Heap overflow in libkadm5srv Sune Kloppenborg Jeppesen
[ GLSA 200501-06 ] tiff: New overflows in image decoding Thierry Carrez
RE: Paper: SQL Injection Attacks by Example Scovetta, Michael V
Thursday, 06 January
All Symantec Products All Versions Until 2005 - Remote Stack Buffer Overflow Rafel Ivgi, The-Insider
RE: Paper: SQL Injection Attacks by Example Sergey Chernyshev
[SECURITY] [DSA 626-1] New tiff packages fix denial of service Martin Schulze
[SECURITY] [DSA 627-1] New namazu2 packages fix cross-site scripting vulnerability Martin Schulze
[SECURITY] [DSA 628-1] New imlib2 packages fix arbitrary code execution Martin Schulze
RE: All Symantec Products All Versions Until 2005 - Remote Stack Buffer Overflow Polazzo Justin
Socket unreacheable in Amp II engine Luigi Auriemma
[USN-54-1] TIFF library tool vulnerability Martin Pitt
[USN-55-1] imlib2 vulnerabilities Martin Pitt
[ GLSA 200501-07 ] xine-lib: Multiple overflows Thierry Carrez
[CLA-2005:913] Conectiva Security Announcement - samba Conectiva Updates
MDKSA-2005:001 - Updated libtiff packages fix multiple vulnerabilities Mandrake Linux Security Team
re: All Symantec Products All Versions Until 2005 - Remote Stack Buffer Overflow Sym Security
MDKSA-2005:002 - Updated wxGTK2 packages fix vulnerabilities Mandrake Linux Security Team
MDKSA-2005:003 - Updated vim packages fix modeline vulnerabilities Mandrake Linux Security Team
MDKSA-2005:004 - Updated nasm packages fix buffer overflow vulnerability Mandrake Linux Security Team
[ GLSA 200501-08 ] phpGroupWare: Various vulnerabilities Luke Macken
[ GLSA 200501-09 ] xzgv: Multiple overflows Thierry Carrez
[ GLSA 200501-10 ] Vilistextum: Buffer overflow vulnerability Thierry Carrez
WinAc AND WinHKI ZIP File Directory Transversal Rafel Ivgi, The-Insider
Santy and SSL Ofer Shezaf
Friday, 07 January
grsecurity 2.1.0 release / 5 Linux kernel advisories Brad Spengler
grsecurity 2.1.0 release / 5 Linux kernel advisories Brad Spengler
Linux kernel sys_uselib local root vulnerability Paul Starzetz
Mozilla XBM Image Vulnerability Luca Ercoli
Simple PHP Blog directory traversal vulnerability Madelman
[SECURITY] [DSA 629-1] New kerberos packages fix arbitrary code execution Martin Schulze
Linux kernel uselib() privilege elevation, corrected Paul Starzetz
iDEFENSE Security Advisory [IDEF0725] Exim host_aton() Buffer Overflow Vulnerability customer service mailbox
Troj/Winser-A malware analysis Steve Friedl
iDEFENSE Security Advisory [IDEF0731] Exim auth_spa_server() Buffer Overflow Vulnerability customer service mailbox
Monday, 10 January
Security Advisory: Woltlab Burning Board Lite formmail.php XSS Martin Heistermann
[ GLSA 200501-12 ] TikiWiki: Arbitrary command execution Matthias Geerdsen
[SECURITY] [DSA 630-1] New lintian packages fix insecure temporary directory Martin Schulze
SUSE Security Announcement: libtiff/tiff (SUSE-SA:2005:001) Thomas Biege
[SECURITY] [DSA 632-1] New linpopup packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 631-1] New kdlibs packages fix arbitrary FTP command execution Martin Schulze
SQL Injection Vulnerability in Invision Community Blog darkhawk matrix
Tuesday, 11 January
[ GLSA 200501-17 ] KPdf, KOffice: More vulnerabilities in included Xpdf Sune Kloppenborg Jeppesen
[ GLSA 200501-16 ] Konqueror: Java sandbox vulnerabilities Sune Kloppenborg Jeppesen
[SECURITY] [DSA 634-1] New hylafax packages fix unauthorised access Martin Schulze
Multi-vendor AV gateway image inspection bypass vulnerability Darren Bounds
UPDATED: the insider exploit( = the latest ie 0day which involves SHOWMODALDIALOG) Liu Die Yu
The Misuse of RC4 in Microsoft Word and Excel Hongjun Wu
HylaFAX hfaxd unauthorized login vulnerability Lee Howard
applicable exploit for winxp-sp2-uptodate Internet Explorer Liu Die Yu
EEYE: Windows ANI File Parsing Buffer Overflow Derek Soeder
VERITAS Backup Exec 8.x/9.x Remote Universal Exploit class 101
[AppSecInc Team SHATTER Security Advisory] Microsoft Windows LPC heap overflow Team SHATTER (Application Security, Inc.)
[AppSecInc Team SHATTER Security Advisory] Microsoft Windows Improper Token Validation Team SHATTER (Application Security, Inc.)
Portcullis Security Advisory 05-010 Paul J Docherty
Firespoofing [Firefox 1.0] mikx
[ GLSA 200501-18 ] KDE FTP KIOslave: Command injection Sune Kloppenborg Jeppesen
Portcullis Security Advisory 05-005 Paul J Docherty
Portcullis Security Advisory 05-001 Paul J Docherty
Portcullis Security Advisory 05-007 Paul J Docherty
Mod_dosevasive symlink and race vulnerability LSS Security
Portcullis Security Advisory 05-006 Paul J Docherty
Portcullis Security Advisory 05-003 Paul J Docherty
[SECURITY] [DSA 633-1] New bmv package fixes insecure temporary file creation Martin Schulze
[OpenPKG-SA-2005.001] OpenPKG Security Advisory (perl) OpenPKG
Portcullis Security Advisory 05-004 Paul J Docherty
Metasploit Framework v2.3 H D Moore
Woltlab Burning Book addentry.php SQL Injection Martin Heistermann
Apache mod_auth_radius remote integer overflow LSS Security
[ GLSA 200501-11 ] Dillo: Format string vulnerability Thierry Carrez
[USN-58-1] MIT Kerberos server vulnerability Martin Pitt
[ GLSA 200501-21 ] HylaFAX: hfaxd unauthorized login vulnerability Thierry Carrez
Portcullis Security Advisory 05-009 Paul J Docherty
Security Contact for Nokia Mobile phone softwares rohit
[ GLSA 200501-20 ] o3read: Buffer overflow during file conversion Thierry Carrez
IlohaMail Insecure Configuration Files wang
Fwd: APPLE-SA-2005-01-11 iTunes 4.7.1 David Ahmad
Re: Firespoofing [Firefox 1.0] Pavel Kankovsky
Re: DSL- Router Teledat 530 DoS Stefan S .
Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerability Darren Bounds
[ GLSA 200501-22 ] poppassd_pam: Unauthorized password changing Thierry Carrez
Re: [Full-Disclosure] Multi-vendor AV gateway image inspection bypass vulnerability Danny
[NILESA-20050101]: Denial of Service vulnerability due to the mountd bug Jonglim Yun
Re: The Misuse of RC4 in Microsoft Word and Excel Brendan Dolan-Gavitt
[ GLSA 200501-13 ] pdftohtml: Vulnerabilities in included Xpdf Thierry Carrez
Squirrelmail vacation v0.15 local root exploit LSS Security
[USN-59-1] mailman vulnerabilities Martin Pitt
WMV (Windows Media Player) trojan in wild Marc Bejarano
Portcullis Security Advisory 05-008 Paul J Docherty
Wednesday, 12 January
Linux kernel i386 SMP page fault handler privilege escalation Paul Starzetz
Arkeia Possible remote root & information leakage Maciej Bogucki
[SECURITY] [DSA 635-1] New exim packages fix arbitrary code execution Martin Schulze
Security Advisory: BiTBOARD xss Martin Heistermann
[SECURITY] [DSA 636-1] New libc6 packages fix insecure temporary files Martin Schulze
[ GLSA 200501-23 ] Exim: Two buffer overflows Matthias Geerdsen
Is DEP easily evadable? John Richard Moser
Windows ANI File Parsing Proof Of Concept (MS05-002) assaf404
[waraxe-2005-SA#039] - Critical Sql Injection in Sgallery module for PhpNuke Janek Vind
Thursday, 13 January
[SECURITY] [DSA 638-1] New gopher packages fix several vulnerabilities Martin Schulze
[CLA-2005:915] Conectiva Security Announcement - php4 Conectiva Updates
[SECURITY] [DSA 637-1] New exim-tls packages fix arbitrary code execution Martin Schulze
[CLA-2005:916] Conectiva Security Announcement - ethereal Conectiva Updates
XSS Vulnerability in ForumKIT tom cruise
Re: Is DEP easily evadable? Florian Weimer
[CLA-2005:917] Conectiva Security Announcement - krb5 Conectiva Updates
Cross Site Scripting holes found in Horde 3.0 Hyperdose Security
TSLSA-2005-0001 - multi Trustix Security Advisor
IE issue with percent 20 RSnake
InternetExploiter 3.2 Berend-Jan Wever
UPDATE: [ GLSA 200412-25 ] CUPS: Multiple vulnerabilities Thierry Carrez
Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack CIRT Advisory
MDKSA-2005:006 - Updated hylafax packages fix vulnerability Mandrake Linux Security Team
Re: Is DEP easily evadable? John Richard Moser
Re: Is DEP easily evadable? Ben Pfaff
SB2005002: pron to bypass APF checking uid(0) routine x90c
MDKSA-2005:007 - Updated imlib packages fix vulnerability Mandrake Linux Security Team
STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities advisory
Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack Hammud_Saway
iDEFENSE Security Advisory 01.13.05 - Apple iTunes Playlist Parsing Buffer Overflow Vulnerability customer service mailbox
Server crash in Breed patch #1 Luigi Auriemma
Friday, 14 January
iDEFENSE Security Advisory 01.13.05: MySQL MaxDB WebAgent websql logon Buffer Overflow Vulnerability customer service mailbox
iDEFENSE Security Advisory 01.13.05: SGI IRIX inpview Design Error Vulnerability customer service mailbox
XSS Vulnerability in Siteman v1.1.9 Pedram hayati
Internet Explorer valid JavaScript-file successfull load detection local file enumeration Berend-Jan Wever
[CLA-2005:918] Conectiva Security Announcement - twiki Conectiva Updates
Re: Is DEP easily evadable? John Richard Moser
Paper: How to exploit overflow vulnerability under Fedora Core 2 vangelis vangelis
Re: Is DEP easily evadable? Ben Pfaff
MDKSA-2005:005 - Updated nfs-utils packages fix 64bit vulnerability Mandrake Linux Security Team
new tool : the first remote PHP vulnerability scanner bad boy
Re: Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack shadown
Re: Multiple Firewall Products Bypass Vulnerability Ansgar -59cobalt- Wiechers
[SECURITY] [DSA 639-1] New mc packages fix several vulnerabilities Martin Schulze
iDEFENSE Security Advisory 01.14.05: Exim dns_buld_reverse() Buffer Overflow Vulnerability customer service mailbox
Saturday, 15 January
Re: rssh and scponly arbitrary command execution Derek Martin
iDefense iTunes advisory. nemo
[USN-60-0] Linux kernel vulnerabilities Martin Pitt
Various Vulnerabilities in SparkleBlog Kovács László
XSS in the nested BB tag in many forum pigrelax
Apple Airport WDS DoS Dylan Griffiths
RE: Various Vulnerabilities in SparkleBlog Alan W. Rateliff, II
exim dns_buld_reverse() proof-of-concept Rafael San Miguel Carrasco
Monday, 17 January
[ GLSA 200501-25 ] Squid: Multiple vulnerabilities Sune Kloppenborg Jeppesen
[SECURITY] [DSA 640-1] New gatos packages fix arbitrary code execution Martin Schulze
[OpenPKG-SA-2005.002] OpenPKG Security Advisory (sudo) OpenPKG
[OpenPKG-SA-2005.003] OpenPKG Security Advisory (a2ps) OpenPKG
[SECURITY] [DSA 641-1] New playmidi packages fix local root exploit Martin Schulze
[SECURITY] [DSA 642-1] New gallery packages fix several vulnerabilities Martin Schulze
SUSE Security Announcement: php4/mod_php4 (SUSE-SA:2005:002) Ludwig Nussel
Tuesday, 18 January
[SIG^2 G-TEC] NodeManager Professional V2.00 Buffer Overflow Vulnerability chewkeong
Minis directory traversal vulnerability Madelman
Multiple Vulnerabilities in Netgear FVS318 Router Paul Kurczaba
phpGiftReq SQL Injection Madelman
MDKSA-2005:008 - Updated cups packages fix multiple vulnerabilities Mandrake Linux Security Team
Wednesday, 19 January
Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i NGSSoftware Insight Security Research
[SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 643-1] New queue packages fix buffer overflows Martin Schulze
IE HHCTRL exploit still usable even after patch Valentin Avram
iDEFENSE Security Advisory 01.17.05: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability customer service mailbox
UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : chroot A known exploit can break a chroot prison. please_reply_to_security
Novell GroupWise WebAccess error modules loading Marc Ruef
[USN-62-1] imagemagick vulnerability Martin Pitt
Netegrity SiteMinder smpwservicescgi.exe target specification Marc Ruef
[USN-63-1] MySQL client vulnerability Martin Pitt
Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations Rafel Ivgi, The-Insider
[USN-61-1] vim vulnerabilities Martin Pitt
Unrestricted I/O access vulnerability in INCA Gameguard Ryu Connor
Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability Rafel Ivgi, The-Insider
iDEFENSE Security Advisory 01.18.05 - Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow customer service mailbox
PeteFinnigan.com - Oracle security advisory Pete Finnigan
Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations Berend-Jan Wever
Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations Markus Kern
Cisco Security Advisory: Vulnerability in Cisco IOS Embedded Call Processing Solutions Cisco Systems Product Security Incident Response Team
RealPlayer Arbitrary File Deletion Vulnerability (#NISR19012005f) NGSSoftware Insight Security Research
MSN Heartbeat Control Buffer Overflow NGSSoftware Insight Security Research
RealPlayer Miscellaneous Vulnerabilities (#NISR19012005g) NGSSoftware Insight Security Research
Multiple vulnerabilities in the AtHoc Toolbar (#NISR19012005c) NGSSoftware Insight Security Research
Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a) NGSSoftware Insight Security Research
Darwin Kernel Vulnerability nemo
RealPlayer 'ShowPreferences' Buffer Overflow Vulnerability (#NISR19012005e) NGSSoftware Insight Security Research
iDEFENSE Security Advisory 01.19.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities Michael Sutton
[SECURITY] [DSA 645-1] New CUPS packages fix arbitrary code execution Martin Schulze
Thursday, 20 January
Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations Markus Kern
[SECURITY] [DSA 646-1] New ImageMagick packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 647-1] New mysql packages fix insecure temporary files Martin Schulze
Microsoft Internet Explorer HTML Help Control Vulnerability Still Exploitable After Patch Valentin Avram
fkey[v0.0.2]: local/remote file accessibility exploit. Vade 79
[SECURITY] [DSA 651-1] New squid packages fix denial of service Martin Schulze
[USN-64-1] xpdf, CUPS vulnerabilities Martin Pitt
[SECURITY] [DSA 650-1] New sword packages fix arbitrary command execution Martin Schulze
[USN-66-1] PHP vulnerabilities Martin Pitt
[CLA-2005:920] Conectiva Security Announcement - libtiff3 Conectiva Updates
[USN-67-1] Squid vulnerabilities Martin Pitt
Multiple vulnerabilities in Konversation Wouter Coekaerts
MDKSA-2005:011 - Updated xine packages fix multiple vulnerabilities Mandrake Linux Security Team
Integrigy Security Advisory - High Risk Security Issues in the Oracle Database and Oracle Applications Integrigy Security
Re: Darwin Kernel Vulnerability neil
MDKSA-2005:009 - Updated mpg123 packages fix vulnerability Mandrake Linux Security Team
MDKSA-2005:010 - Updated playmidi packages fix buffer overflow vulnerability Mandrake Linux Security Team
STG Security Advisory: [SSA-20050120-24] GForge 3.x directory traversal vulnerability advisory
STG Security Advisory: [SSA-20050120-22] JSBoard file disclosure vulnerability advisory
[SECURITY] [DSA 649-1] New xtrlock packages fix authentication bypass Martin Schulze
God Admin Injection Vulnerability in Siteman 1.0.x Pedram hayati
OpenServer 5.0.6 OpenServer 5.0.7 : bind remote attacker can poison the nameserver cache please_reply_to_security
[ GLSA 200501-26 ] ImageMagick: PSD decoding heap overflow Sune Kloppenborg Jeppesen
[USN-65-1] Apache utility script vulnerability Martin Pitt
Friday, 21 January
[SECURITY] [DSA 652-1] New unarj packages fix several vulnerabilities Martin Schulze
UnixWare 7.1.3 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities please_reply_to_security
iDEFENSE Security Advisory 01.20.05: 3Com OfficeConnect Wireless 11g AP Information Disclosure Vulnerability iDefense Customer Service
[ GLSA 200501-27 ] Ethereal: Multiple vulnerabilities Luke Macken
SUSE Security Announcement: kernel local privilege escalation (SUSE-SA:2005:003) Marcus Meissner
Various Buffer Overflows in Oracle 10g Tools Joxean Koret
bug report comersus Back Office Lite 6.0 and 6.0.1 raf somers
Saturday, 22 January
Mac OS X 10.3 iSync Privilege Escalation Braden Thomas
(MS05-002) Cursor and Icon Format Handling Vulnerability (PoC for all affected systems) houseofdabus HOD
Re: Advanced Guestbook Stewart Souter
PHRACK #63 CALL FOR PAPERS rm
Call for DEFCON Capture the Flag Organizers. The Dark Tangent
Re: Various Buffer Overflows in Oracle 10g Tools David Litchfield
[ GLSA 200501-29 ] Mailman: Cross-site scripting vulnerability Luke Macken
Arbitrary files overwriting through skins in DivX Player 2.6 Luigi Auriemma
Microsoft NetDDE Service Unauthenticated Remote Buffer Overflow NGSSoftware Insight Security Research
[SECURITY] [DSA 653-1] New ethereal packages fix buffer overflow Martin Schulze
KDE Security Advisory: KOffice PDF Import Filter Vulnerability Waldo Bastian
ASH Hashing Algorithm seasonedpaper
[SECURITY] [DSA 654-1] New enscript packages fix several vulnerabilities Martin Schulze
Security Contact within RIM / Blackberry Mark Litchfield
KDE Security Advisory: Multiple vulnerabilities in Konversation Waldo Bastian
[ GLSA 200501-28 ] Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2 Thierry Carrez
[ GLSA 200501-30 ] CUPS: Stack overflow in included Xpdf code Thierry Carrez
Siteman User Database Line Insertion Vulnerability shoalie sefid
Internet Explorer URL obfuscation. Stewart, Graeme
RealVNC Contact DSGM
Re: Novell GroupWise WebAccess error modules loading Jonathan Rockway
Netscape Overflow. Carlos Ulver
Monday, 24 January
[KDE Security Advisory] kpdf Buffer Overflow Vulnerability Dirk Mueller
[ GLSA 200501-33 ] MySQL: Insecure temporary file creation Luke Macken
[ GLSA 200501-32 ] KPdf, KOffice: Stack overflow in included Xpdf code Sune Kloppenborg Jeppesen
Re: Internet Explorer URL obfuscation. Berend-Jan Wever
SUSE Security Announcement: Realplayer 8 (SUSE-SA:2005:004) Marcus Meissner
SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow 3APA3A
Local buffer-overflow in W32Dasm 8.93 Luigi Auriemma
Portcullis Security Advisory 05-002 Spectrum Cash Receipting System Weak Password Encryption Paul J Docherty
MDKSA-2005:012 - Updated zhcon packages fix vulnerability Mandrake Linux Security Team
Multiple vulnerabilities in MercuryBoard 1.1.1 Alberto Trivero
English-language version of K-OTik.COM launched today ! K-OTiK Security
iDEFENSE Security Advisory 01.24.05: DataRescue Interactive Disassembler Pro Buffer Overflow Vulnerability iDefense Customer Service
[ GLSA 200501-35 ] Evolution: Integer overflow in camel-lock-helper Luke Macken
MDKSA-2005:013 - Updated ethereal packages fix multiple vulnerabilities Mandrake Linux Security Team
Tuesday, 25 January
[SECURITY] [DSA 657-1] New xine-lib packages fix arbitrary code execution Martin Schulze
logwatch and logrotate might create a blind spot in reporting Sami Pitko
[SECURITY] [DSA 656-1] New vdr packages fix insecure file access Martin Schulze
[SECURITY] [DSA 655-1] New zhcon packages fix unauthorised file access Martin Schulze
Vulnerabilities in eXponent 0.95 Ahmad Muammar
MDKSA-2005:015 - Updated mailman packages fix vulnerabilities Mandrake Linux Security Team
MDKSA-2005:014 - Updated squid packages fix multiple vulnerabilities Mandrake Linux Security Team
Re: ADVISORY: security hole (http response splitting) in snitz forums 2000 Harold Lines
[USN-68-1] enscript vulnerabilities Martin Pitt
Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow Michael Hampton
[CLA-2005:921] Conectiva Security Announcement - xpdf Conectiva Updates
[USN-69-1] Evolution vulnerability Martin Pitt
[ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilities Thierry Carrez
Re: "Local" and "Remote" considered insufficient Frank Knobbe
[USN-70-1] Perl DBI module vulnerability Martin Pitt
[SECURITY] [DSA 658-1] New libdbi-perl packages fix insecure temporary file Martin Schulze
phpEventCalendar HTML injection Madelman
[ GLSA 200501-36 ] AWStats: Remote code execution Luke Macken
wifi AP + broadcoast ping Miroslav Kubik
Wednesday, 26 January
OpenServer 5.0.6 OpenServer 5.0.7 : scosessoin local privilege elevation please_reply_to_security
OpenServer 5.0.6 OpenServer 5.0.7 : wu-ftp local users can bypass access restrictions please_reply_to_security
MDKSA-2005:022 - Updated cups packages fix multiple vulnerabilities Mandrake Linux Security Team
List of all admin accounts in phpBB Predrag Damnjanovic
MDKSA-2005:020 - Updated kdegraphics packages fix buffer overflow vulnerability Mandrake Linux Security Team
DMA[2005-0125a] - 'berlios gpsd format string vulnerability' KF (Lists)
MDKSA-2005:017 - Updated xpdf packages fix buffer overflow vulnerability Mandrake Linux Security Team
Cisco Security Advisory: Multiple Crafted IPv6 Packets Cause Reload Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Misformed BGP Packet Causes Reload Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Crafted Packet Causes Reload on Cisco Routers Cisco Systems Product Security Incident Response Team
UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : x.org possible local socket hijacking please_reply_to_security
[SECURITY] [DSA 660-1] New kdebase packages fix authentication bypass Martin Schulze
Re: [ GLSA 200501-36 ] AWStats: Remote code execution Delian Krustev
iDEFENSE Security Advisory 01.26.05: Openswan XAUTH/PAM Buffer Overflow Vulnerability iDefense Customer Service
Black Hat new content on-line & Registration now open for Asia and Europe. Jeff Moss
[SECURITY] [DSA 659-1] New libpam-radius-auth packages fix several vulnerabilities Martin Schulze
MDKSA-2005:016 - Updated gpdf packages fix buffer overflow vulnerability Mandrake Linux Security Team
MDKSA-2005:018 - Updated cups packages fix buffer overflow vulnerability Mandrake Linux Security Team
MDKSA-2005:019 - Updated koffice packages fix buffer overflow vulnerability Mandrake Linux Security Team
MDKSA-2005:021 - Updated tetex packages fix buffer overflow vulnerability Mandrake Linux Security Team
Multiple Vulnerabilities in Pocket IE kers0r
Re: List of all admin accounts in phpBB Aaron Klein
[CLA-2005:923] Conectiva Security Announcement - squid Conectiva Updates
Re: logwatch and logrotate might create a blind spot in reporting The Tibetan Traveller
Thursday, 27 January
HKLM locking Vladimir Kraljevic
NSFOCUS SA2005-01 : Buffer Overflow in WinAMP in_cdda.dll CDA Device Name NSFOCUS Security Team
Ingate Firewall: Removed PPTP tunnels not deactivated Per Cederqvist
DMA[2005-0127a] - 'Apple OSX batch family poor use of setuid' KF (Lists)
NOVL-2005-10096251 GroupWise WebAccess Error modules loading (report) Ed Reed
[Contact] Motorola broadband appliance team? William A. Rowe, Jr.
[SIG^2 G-TEC] Magic Winmail Server v4.0 Multiple Vulnerabilities chewkeong
UEBIMIAU <= 2.7.2 MULTIPLES VULNERABILITIES Nash Leon
[ GLSA 200501-38 ] Perl: rmtree and DBI tmpfile vulnerabilities Thierry Carrez
[ GLSA 200501-37 ] GraphicsMagick: PSD decoding heap overflow Thierry Carrez
[SECURITY] [DSA 661-1] New f2c packages fix insecure temporary files Martin Schulze
MDKSA-2005:024 - Updated evolution packages fix vulnerability Mandrakelinux Security Team
WarFTPD 1.82 RC9 DoS MC.Iglo
Friday, 28 January
Multiple vulnerabilities in Alt-N WebAdmin <= 3.0.2 David Alonso Pérez
[ GLSA 200501-39 ] SquirrelMail: Multiple vulnerabilities Sune Kloppenborg Jeppesen
WebWasher Classic - HTTP CONNECT weakness Oliver Karow
[OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl) OpenPKG
Re: UEBIMIAU <= 2.7.2 MULTIPLES VULNERABILITIES pokley
Multiple vulnerabilities in Icewarp Web Mail 5.3.0: New holes ShineShadow
Winamp Exploit (POC) 5.08 Stack Overflow Rojodos
RE: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow David LeBlanc
Re: Unrestricted I/O access vulnerability in INCA Gameguard David Roberts
[ GLSA 200501-40 ] ngIRCd: Buffer overflow Thierry Carrez
Saturday, 29 January
Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow Damien Miller
RE: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow David LeBlanc
SquirrelMail Security Advisory Jonathan Angliss
Re: List of all admin accounts in phpBB Paul Laudanski
Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow Lee Dilkie
XSS in Infinite Mobile Delivery v2.6 Webmail steven
Monday, 31 January
[ GLSA 200501-42 ] VDR: Arbitrary file overwriting issue Thierry Carrez
[ GLSA 200501-43 ] f2c: Insecure temporary file creation Thierry Carrez
[ GLSA 200501-44 ] ncpfs: Multiple vulnerabilities Thierry Carrez
WASC-Articles: "The 80/20 Rule for Web Application Security" robert
Security Bulletin - SSRT4875 rev.1 - HP Tru64 UNIX Java (TM) Technology Software Denial of Service (DoS) Boren, Rich (SSRT)
[ GLSA 200501-41 ] TikiWiki: Arbitrary command execution Sune Kloppenborg Jeppesen
drone armies C&C report - Jan/2005 Gadi Evron
Re[2]: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow 3APA3A
Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow Casper . Dik
Broadcast crash in Xpand Rally 1.0.0.0 Luigi Auriemma
[ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability Luke Macken
Re: Winamp Exploit (POC) 5.08 Stack Overflow Black Dot
Re: iDEFENSE Security Advisory 01.24.05: DataRescue Interactive Disassembler Pro Buffer Overflow Vulnerability dila
[PersianHacker.net] Full Path Disclosure and PHP Injection In Pafiledb 3.1 Final Pedram hayati
Zyxel / Netgear and probably other routers leaking information. Jens Kalvik
New Whitepaper available on security best practices Gunter Ollmann
Re: [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability Paul Laudanski
MDKSA-2005:025 - Updated clamav packages fix vulnerability Mandrakelinux Security Team
[ GLSA 200501-46 ] ClamAV: Multiple issues Sune Kloppenborg Jeppesen