Bugtraq: by author

393 messages starting Oct 15 05 and ending Oct 12 05

3APA3A

Re: Google Talk cleartext proxy credentials vulnerability 3APA3A (Oct 15)

abducter_minds

File Including In PBLang abducter_minds (Oct 28)
SQL IN FORUM.PHP ABDUCTER_MINDS (Oct 31)
File Including In FLAT NUKE abducter_minds (Oct 24)

admin

Woltlab Burning Board info_db.php multiple SQL injection admin (Oct 26)

Advisories

[EEYEB20050803] - Windows UMPNPMGR wsprintfW Stack Buffer Overflow Vulnerability Advisories (Oct 11)
[EEYEB20050915] - MDT2DD.DLL COM Object Uninitialized Heap Memory Vulnerability Advisories (Oct 11)
[EEYEB20050510] - Microsoft DirectShow Remote Code Vulnerability Advisories (Oct 11)
Network Appliance iSCSI Authentication Bypass advisories (Oct 25)
[EEYEB20050708] Microsoft Distributed Transaction Coordinator Memory Modification Vulnerability Advisories (Oct 11)

advisory

Aenovo Multiple Vulnerabilities advisory (Oct 07)
[KAPDA::#9] Techno Dreams Scripts Vulnerabilities advisory (Oct 26)
[KAPDA::#8] Domain Manager Pro Vulnerability advisory (Oct 24)
MailEnable W3C Logging Remote Buffer Overflow Proof of Concept advisory (Oct 07)
[KAPDA::#6] Punbb SQL Injection Vulnerability advisory (Oct 15)

ak

Re: Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers ak (Oct 07)
Oracle Workflow CSS Vulnerability wf_route ak (Oct 20)
Cross-Site-Scripting Vulnerability in Oracle iSQL*Plus ak (Oct 07)
Oracle Workflow CSS Vulnerability wf_monitor ak (Oct 20)
Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB ak (Oct 07)
Cross-Site-Scripting Vulnerability in Oracle XMLDB ak (Oct 07)
Shutdown TNS Listener via Oracle iSQL*Plus ak (Oct 07)
Shutdown TNS Listener via Oracle Forms Servlet ak (Oct 07)
Plaintext Password Vulnerabilitiy during Installation of Oracle HTMLDB ak (Oct 07)

alex

DCP - portal XSS & SQL attacks alex (Oct 24)
Flat Nuke Cross Site Scripting alex (Oct 24)

ali202

Re: Aenovo Multiple Vulnerabilities (Patch) ali202 (Oct 17)

alireza hassani

XSS & Path Disclosure in Chipmunk's products alireza hassani (Oct 20)
XSS vulnerability in Zeroblog alireza hassani (Oct 11)
Re: [KAPDA::#6] Punbb SQL Injection Vulnerability alireza hassani (Oct 19)

alljer

Yahoo RSS XSS Vulnerability (Correction) alljer (Oct 17)
Yahoo RSS XSS Vulnerability alljer (Oct 17)

almaster

SQL In Invision Gallery 2.0.3 almaster (Oct 31)
SQL saphp Lesson almaster (Oct 24)
DBoardGear SQL Injection almaster (Oct 24)

alphakgen

phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. alphakgen (Oct 24)

Andreas Marx

Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through Andreas Marx (Oct 26)

Andreas Zeidler

Re: using php local file include vulnerabilities for command execution Andreas Zeidler (Oct 12)
using php local file include vulnerabilities for command execution Andreas Zeidler (Oct 12)
Re: [SECURITYREASON.COM] phpMyAdmin Local file inclusion 2.6.4-pl1 Andreas Zeidler (Oct 12)

Andrey Bayora

Re: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte Andrey Bayora (Oct 26)
Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through Andrey Bayora (Oct 26)
Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through Andrey Bayora (Oct 29)
Update for the magic byte bug Andrey Bayora (Oct 26)
Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through Andrey Bayora (Oct 25)
Re: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte Andrey Bayora (Oct 29)

Animal

SQL-Injection in MyBulletinBoard allows attacker to become a board admin. Animal (Oct 26)

announcements

PullThePlug Contest: Call For Papers announcements (Oct 11)

Ariel Berkman

xloadimage buffer overflow. Ariel Berkman (Oct 06)

arpen

Re: Remote File Inclusion in forum PunBB arpen (Oct 29)
Re: [KAPDA::#6] Punbb SQL Injection Vulnerability arpen (Oct 18)

ascii

PHP iCalendar CSS ascii (Oct 25)

[AT]

Remote File Inclusion in vCard :) [AT] (Oct 29)

atmaca

Mirabilis ICQ 2003a Buffer Overflow Download Shellcoded Exploit atmaca (Oct 29)

Auri Rahimzadeh

Trend Micro's Response to the Magic Byte Bug Auri Rahimzadeh (Oct 29)

Ayaz Ahmed Khan

PAKCON II: Call for Paper (CfP), Final Call! Ayaz Ahmed Khan (Oct 05)

bambenek

[Information Disclosure] NetForce v4.02 Sends NIS Password Maps with passwords hashes over sendmail bambenek (Oct 01)

Bernhard Mueller

SEC-Consult SA 20051025-1 :: RSA ACE Web Agent XSS Bernhard Mueller (Oct 25)
SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability Bernhard Mueller (Oct 25)
SEC-CONSULT-SA-20051021-0: Yahoo/MSIE XSS Bernhard Mueller (Oct 21)

Bharat Mediratta

Gallery 2.x Remote File Access Vulnerability Bharat Mediratta (Oct 14)

bhfh01

PHP-Nuke Cross-Site Scripting Vulnerability bhfh01 (Oct 26)

Bipin Gautam

Re: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte Bipin Gautam (Oct 29)

Bob Beck

Re: Mozilla Thunderbird SMTP down-negotiation weakness Bob Beck (Oct 29)

Brian J. Bartlett

RE: Advisory: WZCS vulnerabilities Brian J. Bartlett (Oct 05)

Cesar

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Cesar (Oct 06)
[Argeniss] Story of a dumb patch (Paper advisoryabout CSRSS and Windows Explorer vulnerabilities) Cesar (Oct 21)

chburchert

aRCHILLES Newsworld < 1.5.0-rc1 Multiple Vulnerabilities chburchert (Oct 24)

CIRT.DK Advisory

[CIRT.DK] - Novell ZENworks Patch Management Server 6.0.0.52 - SQL injection CIRT.DK Advisory (Oct 27)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory:Cisco 11500 Content Services Switch SSL Malformed Client Certificate Vulnerability Cisco Systems Product Security Incident Response Team (Oct 19)

Clayton Kossmeyer

Re: [Full-disclosure] Ciscos VPN-Client-Passwords can be decrypted Clayton Kossmeyer (Oct 18)

contact

Announcement: The Web Application Firewall Evaluation Criteria v1 contact (Oct 11)
WASC Threat Classification in 4 languages contact (Oct 06)

dave canuck

Re: [ GLSA 200510-23 ] TikiWiki: XSS vulnerability dave canuck (Oct 28)

Dave English

Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through Dave English (Oct 29)

dave kleiman

RE: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides dave kleiman (Oct 04)

David Ahmad

New List David Ahmad (Oct 31)

David Litchfield

Some new whitepapers ... David Litchfield (Oct 05)
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers David Litchfield (Oct 07)
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers David Litchfield (Oct 06)
Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers David Litchfield (Oct 06)
Revision: Multiple Critical and High Vulnerabilities in Oracle Database Server David Litchfield (Oct 19)
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers David Litchfield (Oct 07)

D_BuG

Re: uplod phpshell in PHP Advanced Transfer Manager D_BuG (Oct 31)

dcrab

Re: Require many large corporate emails for contact regarding vulnerability. dcrab (Oct 18)

Debasis Mohanty

RE: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte Debasis Mohanty (Oct 26)

Dirk Mueller

[KDE Security Advisory] KOffice/KWord RTF import buffer overflow Dirk Mueller (Oct 11)

donctl

Advisory: WZCS vulnerabilities donctl (Oct 04)

. EADS CCR DCR/STI/C

Skype security advisory . EADS CCR DCR/STI/C (Oct 25)

edward11

winrar 3.50 Exploit edward11 (Oct 17)

enji

Yapig: XSS / Code Injection Vulnerability enji (Oct 13)

Eric Romang / ZATAZ.com

php < 4.4.1 htaccess apache dos Eric Romang / ZATAZ.com (Oct 24)

Eygene A. Ryabinkin

Re: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte Eygene A. Ryabinkin (Oct 29)

Fernando Gont

Revised draft on ICMP attacks Fernando Gont (Oct 24)

Fixer

Security Contacr for Mycall Fixer (Oct 15)

Florian Weimer

Re: [Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability Florian Weimer (Oct 29)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-05:21.openssl FreeBSD Security Advisories (Oct 11)

Gadi Evron

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Gadi Evron (Oct 07)
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Gadi Evron (Oct 07)

Gary Oleary-Steele

[SEC-1 Advisory] GFI MailSecurity 8.1 Web Module Buffer Overflow Gary Oleary-Steele (Oct 12)
[SEC-1 Advisory] Collaboration Data Objects Buffer Overflow Vulnerability Gary Oleary-Steele (Oct 12)

Georg Wicherski

mwcollect v3.0.0 Release Georg Wicherski (Oct 31)

H D Moore

Metasploit Framework v2.5 H D Moore (Oct 19)

iDEFENSE Labs

iDEFENSE Security Advisory 10.04.05: Symantec AntiVirus Scan Engine Web Service Buffer Overflow Vulnerability iDEFENSE Labs (Oct 05)
iDEFENSE Security Advisory 10.11.05: Microsoft Distributed Transaction Controller TIP DoS Vulnerability iDEFENSE Labs (Oct 11)
iDEFENSE Security Advisory 10.24.05: SCO Openserver authsh 'Home' Buffer Overflow Vulnerability iDEFENSE Labs (Oct 25)
iDEFENSE Security Advisory 10.20.05: Symantec Norton AntiVirus LiveUpdate Local Privilege Escalation iDEFENSE Labs (Oct 21)
iDEFENSE Security Advisory 10.13.05: Multiple Vendor XMail 'sendmail' Recipient Buffer Overflow Vulnerability iDEFENSE Labs (Oct 13)
iDEFENSE Security Advisory 10.10.05: SGI IRIX runpriv Design Error Vulnerability iDEFENSE Labs (Oct 11)
iDEFENSE Security Advisory 10.20.05: Symantec Norton AntiVirus DiskMountNotify Local Privilege Escalation iDEFENSE Labs (Oct 21)
iDEFENSE Security Advisory 10.24.05: SCO Unixware Setuid ppp prompt Buffer Overflow Vulnerability iDEFENSE Labs (Oct 25)
iDefense Security Advisory 10.28.05: Multiple Vendor chmlib CHM File Handling Buffer Overflow Vulnerability iDEFENSE Labs (Oct 28)
iDEFENSE Security Advisory 10.24.05: SCO Openserver backupsh 'Home' Buffer Overflow Vulnerability iDEFENSE Labs (Oct 25)
iDEFENSE Security Advisory 10.10.05: Kaspersky Anti-Virus Engine CHM File Parser Buffer Overflow Vulnerability iDEFENSE Labs (Oct 11)
iDEFENSE Security Advisory 10.20.05: Multiple Vendor Ethereal srvloc Buffer Overflow Vulnerability iDEFENSE Labs (Oct 21)
RE: iDEFENSE Security Advisory 10.04.05: Symantec AntiVirus Scan Engine Web Service Buffer Overflow Vulnerability iDEFENSE Labs (Oct 05)
iDEFENSE Security Advisory 10.13.05: Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability iDEFENSE Labs (Oct 13)
iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability iDEFENSE Labs (Oct 05)
iDEFENSE Security Advisory 10.11.05: Microsoft Distributed Transaction Controller Packet Relay DoS Vulnerability iDEFENSE Labs (Oct 11)

Integrigy Security

Vulnerabilities in Oracle E-Business Suite 11i - Critical Patch Update October 2005 Integrigy Security (Oct 20)

Ivan .

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Ivan . (Oct 07)

Jason Coombs

Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides Jason Coombs (Oct 03)

Jason Haar

Re: Mozilla Thunderbird SMTP down-negotiation weakness Jason Haar (Oct 26)
Re: Mozilla Thunderbird SMTP down-negotiation weakness Jason Haar (Oct 29)

Jerome Athias

Re: Some new whitepapers ... Jerome Athias (Oct 06)

khc

RTasarim WebAdmin modul SQL injection khc (Oct 14)

Kurt Seifried

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Kurt Seifried (Oct 08)

Lachniet, Mark

RE: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides Lachniet, Mark (Oct 03)

L. Adrian Griffis

RE: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides L. Adrian Griffis (Oct 03)

Len Sassaman

CodeCon 2006 Call For Papers Len Sassaman (Oct 11)

lgreenem

Research for network security news article lgreenem (Oct 12)

Lila Buchalski

RE: Some new whitepapers ... Lila Buchalski (Oct 06)
Announcement : Core Banking Application Security List Lila Buchalski (Oct 06)

list

Kaspersky Antivirus Remote Heap Overflow list (Oct 03)

liudieyu

ie7 will have more mechanisms liudieyu (Oct 17)

lms

Planet Technology Corp FGSW2402RS switch default password / "backdoor" lms (Oct 06)

Ludwig Nussel

SUSE Security Announcement: permissions (SUSE-SA:2005:062) Ludwig Nussel (Oct 24)

Luigi Auriemma

F.E.A.R. 1.01 likes lithsock Luigi Auriemma (Oct 21)

m123303

Google Talk cleartext proxy credentials vulnerability m123303 (Oct 14)

Mandriva Security Team

MDKSA-2005:190 - Updated nss_ldap/pam_ldap packages fix privilege vulnerabilities. Mandriva Security Team (Oct 21)
MDKSA-2005:178 - Updated squirrelmail packages fixes XSS vulberability Mandriva Security Team (Oct 12)
MDKSA-2005:196 - Updated perl-Compress-Zlib packages fix vulnerabilities Mandriva Security Team (Oct 26)
MDKSA-2005:188 - Updated graphviz packages fix temporary file vulnerability. Mandriva Security Team (Oct 21)
MDKSA-2005:179 - Updated openssl packages fix vulnerabilities Mandriva Security Team (Oct 12)
MDKSA-2005:177 - Updated hylafax packages fix temporary file vulnerability Mandriva Security Team (Oct 08)
MDKSA-2005:191 - Updated ruby packages fix safe level and taint flag protections vulnerability Mandriva Security Team (Oct 21)
MDKSA-2005:195 - Updated squid packages fix vulnerabilities Mandriva Security Team (Oct 26)
MDKSA-2005:193 - Updated ethereal packages fix multiple vulnerabilities Mandriva Security Team (Oct 26)
MDKSA-2005:183 - Updated wget packages fix NTLM authentication vulnerability Mandriva Security Team (Oct 14)
MDKSA-2005:201 - Updated sudo packages fix vulnerability Mandriva Security Team (Oct 28)
MDKSA-2005:185 - Updated koffice packages fix KWord RTF import overflow vulnerability Mandriva Security Team (Oct 15)
MDKSA-2005:181 - Updated squid packages fix vulnerabilities Mandriva Security Team (Oct 12)
MDKSA-2005:199 - Updated netpbm packages fix pnmtopng vulnerabilities Mandriva Security Team (Oct 26)
MDKSA-2005:171 - Updated kernel packages fix multiple vulnerabilities Mandriva Security Team (Oct 03)
MDKSA-2005:187 - Updated dia packages fix python SVG import vulnerability. Mandriva Security Team (Oct 21)
MDKSA-2005:198 - Updated uim packages fix suid linking vulnerabilities. Mandriva Security Team (Oct 26)
MDKSA-2005:173 - Updated mozilla-firefox packages fix vulnerabilities Mandriva Security Team (Oct 07)
MDKSA-2005:175 - Updated texinfo packages fix temporary file vulnerability Mandriva Security Team (Oct 07)
MDKSA-2005:193-1 - Updated ethereal packages fix multiple vulnerabilities Mandriva Security Team (Oct 26)
MDKSA-2005:192 - Updated xli packages fix buffer overflow vulnerabilities. Mandriva Security Team (Oct 21)
MDKSA-2005:184 - Updated cfengine packages fix temporary file vulnerabilities Mandriva Security Team (Oct 14)
MDKSA-2005:186-1 - Updated lynx packages fix remote buffer overflow Mandriva Security Team (Oct 26)
MDKSA-2005:176 - Updated webmin package fixes authentication bypass vulnerability Mandriva Security Team (Oct 08)
MDKSA-2005:182 - Updated curl packages fix NTLM authentication vulnerability Mandriva Security Team (Oct 14)
MDKSA-2005:186 - Updated lynx packages fix remote buffer overflow Mandriva Security Team (Oct 18)
MDKSA-2005:172 - Updated openssh packages fix GSSAPI credentials vulnerability Mandriva Security Team (Oct 07)
MDKSA-2005:189 - Updated imap packages fix buffer overflow vulnerabilities. Mandriva Security Team (Oct 21)
MDKSA-2005:200 - Updated apache-mod_auth_shadow packages fix security restriction bypass issues. Mandriva Security Team (Oct 28)
MDKSA-2005:174 - Updated mozilla-thunderbird packages fix multiple vulnerabilities Mandriva Security Team (Oct 07)
MDKSA-2005:194 - Updated php-imap packages fix buffer overflow vulnerabilities. Mandriva Security Team (Oct 26)
MDKSA-2005:180 - Updated xine-lib packages fixes cddb vulnerability Mandriva Security Team (Oct 12)
MDKSA-2005:197 - Updated unzip packages fix suid, permissions vulnerabilities. Mandriva Security Team (Oct 26)

ma+nomail

fetchmail security announcement 2005-02 (CVE-2005-3088) ma+nomail (Oct 27)

Marcus Meissner

SUSE Security Announcement: openSSL protocol downgrade attack (SUSE-SA:2005:061) Marcus Meissner (Oct 19)

Martin Pitt

[USN-207-1] PHP vulnerability Martin Pitt (Oct 17)
[USN-213-1] sudo vulnerability Martin Pitt (Oct 31)
[USN-195-1] Ruby vulnerability Martin Pitt (Oct 10)
[USN-196-1] Xine library vulnerability Martin Pitt (Oct 10)
[USN-200-1] Thunderbird vulnerabilities Martin Pitt (Oct 11)
[USN-155-3] Fixed mozilla locale packages Martin Pitt (Oct 04)
[USN-206-1] Lynx vulnerability Martin Pitt (Oct 17)
[USN-197-1] Shorewall vulnerability Martin Pitt (Oct 10)
[USN-198-1] cfengine vulnerabilities Martin Pitt (Oct 10)
[USN-151-3] zlib vulnerabilities Martin Pitt (Oct 31)
[USN-204-1] SSL library vulnerability Martin Pitt (Oct 14)
[USN-211-1] Enigmail vulnerability Martin Pitt (Oct 20)
[USN-210-1] netpbm vulnerability Martin Pitt (Oct 18)
[USN-201-1] SqWebmail vulnerabilities Martin Pitt (Oct 12)
[USN-203-1] Abiword vulnerabilities Martin Pitt (Oct 13)
Re: [Full-disclosure] [USN-208-1] SSH server vulnerability Martin Pitt (Oct 18)
[USN-208-1] graphviz vulnerability Martin Pitt (Oct 17)
[USN-193-1] dia vulnerability Martin Pitt (Oct 04)
[USN-202-1] KOffice vulnerability Martin Pitt (Oct 12)
[USN-212-1] libgda2 vulnerability Martin Pitt (Oct 31)
[USN-194-1] texinfo vulnerability Martin Pitt (Oct 06)
[USN-206-2] Fixed lynx packages for USN-206-1 Martin Pitt (Oct 31)
[USN-205-1] Curl and wget vulnerabilities Martin Pitt (Oct 14)
[USN-208-1] SSH server vulnerability Martin Pitt (Oct 17)
[USN-199-1] Linux kernel vulnerabilities Martin Pitt (Oct 10)

Martin Schulze

[SECURITY] [DSA 871-1] New libgda2 packages fix arbitrary code execution Martin Schulze (Oct 25)
[SECURITY] [DSA 833-1] New mysql-dfsg-4.1 packages fix arbitrary code execution Martin Schulze (Oct 01)
[SECURITY] [DSA 871-2] New libgda2 packages fix arbitrary code execution Martin Schulze (Oct 25)
[SECURITY] [DSA 833-2] New mysql-dfsg-4.1 package fixes arbitrary code execution Martin Schulze (Oct 04)
[SECURITY] [DSA 870-1] New sudo packages fix arbitrary command execution Martin Schulze (Oct 25)
[SECURITY] [DSA 862-1] New Ruby 1.6 packages fix safety bypass Martin Schulze (Oct 11)
[SECURITY] [DSA 873-1] New net-snmp packages fix denial of service Martin Schulze (Oct 26)
[SECURITY] [DSA 837-1] New Mozilla Firefox packages fix denial of service Martin Schulze (Oct 03)
[SECURITY] [DSA 869-1] New eric packages fix arbitrary code execution Martin Schulze (Oct 21)
[SECURITY] [DSA 866-1] New Mozilla packages fix several vulnerabilities Martin Schulze (Oct 20)
[SECURITY] [DSA 548-2] New imlib packages fix arbitrary code execution Martin Schulze (Oct 26)
[SECURITY] [DSA 865-1] New hylafax packages fix insecure temporary files Martin Schulze (Oct 13)
[SECURITY] [DSA 839-1] New apachetop packages fix insecure temporary file Martin Schulze (Oct 04)
[SECURITY] [DSA 842-1] New egroupware packages fix arbitrary code execution Martin Schulze (Oct 04)
[SECURITY] [DSA 878-1] New netpbm-free packages fix arbitrary code execution Martin Schulze (Oct 28)
[SECURITY] [DSA 848-1] New masqmail packages fix several vulnerabilities Martin Schulze (Oct 08)
[SECURITY] [DSA 851-1] New openvpn packages fix denial of service Martin Schulze (Oct 11)
[SECURITY] [DSA 836-1] New cfengine2 packages fix arbitrary file overwriting Martin Schulze (Oct 01)
[SECURITY] [DSA 849-1] New shorewall packages fix firewall bypass Martin Schulze (Oct 08)
[SECURITY] [DSA 857-1] New graphviz packages fix insecure temporary file Martin Schulze (Oct 11)
[SECURITY] [DSA 867-1] New module-assistant package fixes insecure temporary file Martin Schulze (Oct 20)
[SECURITY] [DSA 861-1] New uw-imap packages fix arbitrary code execution Martin Schulze (Oct 11)
[SECURITY] [DSA 874-1] New lynx packages fix arbitrary code execution Martin Schulze (Oct 27)
[SECURITY] [DSA 876-1] New lynx-ssl packages fix arbitrary code execution Martin Schulze (Oct 27)
[SECURITY] [DSA 864-1] New Ruby 1.8 packages fix safety bypass Martin Schulze (Oct 13)
[SECURITY] [DSA 863-1] New xine-lib packages fix arbitrary code execution Martin Schulze (Oct 12)
[SECURITY] [DSA 850-1] New tcpdump packages fix denial of service Martin Schulze (Oct 11)
[SECURITY] [DSA 834-1] New prozilla packages fix arbitrary code execution Martin Schulze (Oct 01)
[SECURITY] [DSA 860-1] New Ruby packages fix safety bypass Martin Schulze (Oct 11)
[SECURITY] [DSA 843-1] New arc packages fix insecure temporary files Martin Schulze (Oct 05)
[SECURITY] [DSA 858-1] New xloadimage packages fix arbitrary code execution Martin Schulze (Oct 11)
[SECURITY] [DSA 852-1] New up-imapproxy packages fix arbitrary code execution Martin Schulze (Oct 11)
[SECURITY] [DSA 853-1] New ethereal packages fix several vulnerabilities Martin Schulze (Oct 11)
[SECURITY] [DSA 844-1] New mod-auth-shadow packages fix authentication bypass Martin Schulze (Oct 05)
[SECURITY] [DSA 872-1] New koffice packages fix arbitrary code execution Martin Schulze (Oct 26)
[SECURITY] [DSA 856-1] New py2play packages fix arbitrary code execution Martin Schulze (Oct 11)
[SECURITY] [DSA 840-1] New drupal packages fix remote command execution Martin Schulze (Oct 04)
[SECURITY] [DSA 847-1] New dia packages fix arbitrary code execution Martin Schulze (Oct 08)
[SECURITY] [DSA 845-1] New mason packages fix missing init script Martin Schulze (Oct 06)
[SECURITY] [DSA 875-1] New OpenSSL packages fix cryptographic weakness Martin Schulze (Oct 27)
[SECURITY] [DSA 846-1] New cpio packages fix several vulnerabilities Martin Schulze (Oct 07)
[SECURITY] [DSA 877-1] New gnump3d packages fix several vulnerabilities Martin Schulze (Oct 28)
[SECURITY] [DSA 854-1] New tcpdump packages fix denial of service Martin Schulze (Oct 11)
[SECURITY] [DSA 859-1] New xli packages fix arbitrary code execution Martin Schulze (Oct 11)
[SECURITY] [DSA 855-1] New weex packages fix arbitrary code execution Martin Schulze (Oct 11)
[SECURITY] [DSA 868-1] New Mozilla Thunderbird packages fix several vulnerabilities Martin Schulze (Oct 20)
[SECURITY] [DSA 835-1] New cfengine packages fix arbitrary file overwriting Martin Schulze (Oct 01)

max

[SECURITYREASON.COM] phpMyAdmin Local file inclusion 2.6.4-pl1 max (Oct 11)

Meder Kydyraliev

Linux Orinoco drivers information leakage Meder Kydyraliev (Oct 12)

mgotts

Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through mgotts (Oct 29)

Michael Stone

[SECURITY] [DSA 838-1] New mozilla-firefox packages fox multiple vulnerabilities Michael Stone (Oct 03)

mkanat

Security Advisory for Bugzilla 2.18.3, 2.20rc2, and 2.21 mkanat (Oct 01)

Morten Torstensen

Re: Windows host based firewall tester Morten Torstensen (Oct 19)

Neil Dickey

RE: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides Neil Dickey (Oct 04)

NGSSoftware Insight Security Research

High Risk Vulnerability in Sun Directory Server NGSSoftware Insight Security Research (Oct 06)
Multiple Critical and High Vulnerabilities in Oracle Database Server NGSSoftware Insight Security Research (Oct 18)
Patches available for critical flaws in HP Openview NGSSoftware Insight Security Research (Oct 05)

Nicob

Re: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Nicob (Oct 29)

none

Trusted Digital, Trusted Mobility Suite Authorization Bypass Vulnerability none (Oct 14)

noreply

APPLE-SA-2005-10-31 Mac OS X v10.4.3 noreply (Oct 31)

OpenPKG

[OpenPKG-SA-2005.022] OpenPKG Security Advisory (openssl) OpenPKG (Oct 17)

papipsycho

Nuked klan 1.7: Remote Exploit papipsycho (Oct 24)
Nuked klan 1.7: XSS vulnerability papipsycho (Oct 21)
Nuked klan 1.7: SQL vulnerability papipsycho (Oct 24)
Nuked klan 1.7: Bypassed level admin on forum(corrected) papipsycho (Oct 24)

Paul

RE: Possible Bug in PHP-Fusion 6.0.204 Paul (Oct 25)

Paul Craig

Multiple vulnerabilities within RockLiffe MailSite Express WebMail Paul Craig (Oct 28)

Paul Laudanski

Re: [Full-disclosure] Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service Paul Laudanski (Oct 18)
phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Paul Laudanski (Oct 26)
Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Paul Laudanski (Oct 29)

Paul Szabo

gnome-pty-helper writes arbitrary utmp records Paul Szabo (Oct 08)

peanut

Possible Bug in PHP-Fusion 6.0.204 peanut (Oct 24)

Phantasmal Phantasmagoria

The Malloc Maleficarum Phantasmal Phantasmagoria (Oct 11)

philipp

Trillian remote crashable philipp (Oct 03)

Piotr Bania

Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service Piotr Bania (Oct 13)
Exploiting Windows Device Drivers Whitepaper Piotr Bania (Oct 17)

please_reply_to_security

UnixWare 7.1.4 UnixWare 7.1.3 : ppp buffer overflow please_reply_to_security (Oct 21)
OpenServer 5.0.7 : authsh and backupsh buffer overflow please_reply_to_security (Oct 21)

poizon

DboardGear - uncorrect import themes (SQL-inject) poizon (Oct 25)

ppwd25

Windows UMPNPMGR wsprintfW Stack Buffer Overflow Vulnerability PoC ppwd25 (Oct 21)

preben

aspReady FAQ - open for SQL-injections preben (Oct 06)
Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images preben (Oct 29)

Radoslav Dejanović

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Radoslav Dejanović (Oct 07)

Rainer Duffner

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Rainer Duffner (Oct 06)
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Rainer Duffner (Oct 06)

retrogod

e107 remote commands execution retrogod (Oct 18)
Cyphor 0.19 SQL Injection / Board takeover / cross site scripting retrogod (Oct 08)
MyBloggie 2.1.3beta null char + SQL Injection -> Login Bypass retrogod (Oct 01)
PhpNuke 7.8 with all security fixes/patches "Your_Account", "Downloads", "Web Links" SQL Injection / Remote commans execution retrogod (Oct 24)
Utopia News Pro 1.1.3 SQL Injection / cross site scripting retrogod (Oct 07)

rgod

versatileBulletinBoard V1.0.0 RC2 (possibly prior versions) multiple SQL injection vulnerabilities / login bypass / board takeover rgod (Oct 11)

Richard M. Smith

Looking for security contacts at Sony and Lenovo (FKA IBM) Richard M. Smith (Oct 26)
Looking for a security contact at Macrovision/InstallShield Richard M. Smith (Oct 26)

rod hedor

Remote File Inclusion in forum PunBB rod hedor (Oct 24)

Scott Cromar

Insecure Temporary Files in BMC/Control-M Agent Scott Cromar (Oct 24)

Sebastian Krahmer

SUSE Security Announcement: OpenWBEM (SUSE-SA:2005:060) Sebastian Krahmer (Oct 17)

SEC Consult Research

Re: [Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability SEC Consult Research (Oct 29)

Secunia Research

Secunia Research: ATutor Multiple Vulnerabilities Secunia Research (Oct 27)
Secunia Research: ALZip Multiple Archive Handling Buffer Overflow Secunia Research (Oct 05)
Secunia Research: Mantis "t_core_path" File Inclusion Vulnerability Secunia Research (Oct 26)
Secunia Research: ZipGenius Multiple Archive Handling Buffer Overflow Secunia Research (Oct 21)
Secunia Research: Webroot Desktop Firewall Two Vulnerabilities Secunia Research (Oct 06)
Secunia Research: MySource Cross-Site Scripting and File Inclusion Vulnerabilities Secunia Research (Oct 18)
Secunia Research: WinRAR Format String and Buffer Overflow Vulnerabilities Secunia Research (Oct 11)
Secunia Research: PHP-Fusion Two SQL Injection Vulnerabilities Secunia Research (Oct 06)
Secunia Research: Novell NetMail NMAP Agent "USER" Buffer Overflow Vulnerability Secunia Research (Oct 12)
Secunia Research: AhnLab V3 Antivirus ALZ/UUE/XXE Archive Handling Buffer Overflow Secunia Research (Oct 13)

secure

VERITAS NetBackup: Java User-Interface, format string vulnerability secure (Oct 12)

security

Re: Online Dating Software by AEwebworks - aeDating Script <= 4.0 Version Vulnerability security (Oct 03)

Security Alert

[security bulletin] SSRT5975 HP-UX Running on Itanium Platforms Local Denial of Service (DoS) Security Alert (Oct 13)

security-alert

[security bulletin] SSRT051041 rev.0 - HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS) security-alert (Oct 04)
[security bulletin] SSRT051043 rev.0 - Apache Remote Unauthorized access security-alert (Oct 07)
[security bulletin] SSRT051030 rev.1 - HP OpenView Event Correlation Services (OV ECS) Remote Unauthorized Privileged Access security-alert (Oct 04)
[security bulletin] SSRT051003 rev.1 - HP-UX Java Web Start remote unauthorized privileged access security-alert (Oct 07)
[security bulletin] SSRT051055 rev.0 - HP Oracle for OpenView (OfO) Critical Patch Update October 2005 security-alert (Oct 24)
[security bulletin] SSRT051040 rev.0 - HP-UX Mozilla Remote Unauthorized Execution of Privileged Code security-alert (Oct 04)
[security bulletin] SSRT4743, SSRT4884 rev.1 - HP Tru64 UNIX TCP/IP remote Denial of Service (DoS) security-alert (Oct 06)
[security bulletin] SSRT5940 rev.2 - HP-UX Mozilla remote, unauthorized user may execute privileged code security-alert (Oct 04)
[security bulletin] SSRT051023 rev.5 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access security-alert (Oct 04)
[security bulletin] SSRT051052 rev.1 - HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE) Remote Privileged Access security-alert (Oct 21)
[security bulletin] SSRT051004 rev.1 - HP-UX Java Runtime Environment (JRE) Untrusted Applet Elevates Privilege security-alert (Oct 06)
[security bulletin] SSRT051052 rev.0 - HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE) Remote Privileged Access security-alert (Oct 20)
[security bulletin] SSRT051041 rev.1 - HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS) security-alert (Oct 13)

security curmudgeon

Re: [Dailydave] Security contact for ... security curmudgeon (Oct 07)

Seth Fogie

Airscanner Mobile Security Advisory #05101001: iTunes Shared Music Denial of Service/Spoofing/Flooding/Abuse Seth Fogie (Oct 14)

Shell

Linksys WRT54G/S Directory Traversal Shell (Oct 18)

sikikmail

Zomplog Script Injection Vulnerability =>3.4 (all versions vulnerable) sikikmail (Oct 24)
SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all versions vulnerable) sikikmail (Oct 25)

Silent / Saracoth

Re: Opinion: Complete failure of Oracle security response and utter neglect of t Silent / Saracoth (Oct 11)

slythers

PHP local safedir restriction bypass slythers (Oct 17)

snsadv

[SNS Advisory No.84] Oracle Application Server HTTP Response Splitting Vulnerability snsadv (Oct 21)
[SNS Advisory No.85] XOOPS Multiple Cross-site Scripting Vulnerabilities snsadv (Oct 25)

sp3x

SecurityAlert SA025 : PHPNuke Remote Directory Traversal sp3x (Oct 19)

SPI Labs

Oracle 10g - emagent.exe Stack-Based Overflow SPI Labs (Oct 20)

sQl

uplod phpshell in PHP Advanced Transfer Manager sQl (Oct 29)

Stefan Esser

Advisory 17/2005: phpBB Multiple Vulnerabilities Stefan Esser (Oct 31)
Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo() Stefan Esser (Oct 31)
Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability Stefan Esser (Oct 31)
Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str() Stefan Esser (Oct 31)
Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability Stefan Esser (Oct 24)

Stefano Zanero

Re: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides Stefano Zanero (Oct 04)

Steven M. Christey

A common researcher diagnosis error: misreading error messages Steven M. Christey (Oct 04)

steve . shockley

Re: Network Appliance iSCSI Authentication Bypass steve . shockley (Oct 29)

Steve Shockley

Re: Network Appliance iSCSI Authentication Bypass Steve Shockley (Oct 29)

Sune Kloppenborg Jeppesen

[ GLSA 200510-08 ] xine-lib: Format string vulnerability Sune Kloppenborg Jeppesen (Oct 08)
[ GLSA 200510-15 ] Lynx: Buffer overflow in NNTP processing Sune Kloppenborg Jeppesen (Oct 17)
[ GLSA 200510-09 ] Weex: Format string vulnerability Sune Kloppenborg Jeppesen (Oct 08)
[ GLSA 200510-16 ] phpMyAdmin: Local file inclusion vulnerability Sune Kloppenborg Jeppesen (Oct 17)
[ GLSA 200510-25 ] Ethereal: Multiple vulnerabilities in protocol dissectors Sune Kloppenborg Jeppesen (Oct 31)
[ GLSA 200510-26 ] XLI, Xloadimage: Buffer overflow Sune Kloppenborg Jeppesen (Oct 31)
[ GLSA 200510-05 ] Ruby: Security bypass vulnerability Sune Kloppenborg Jeppesen (Oct 06)
[ GLSA 200510-03 ] Uim: Privilege escalation vulnerability Sune Kloppenborg Jeppesen (Oct 04)
[ GLSA 200510-06 ] Dia: Arbitrary code execution through SVG import Sune Kloppenborg Jeppesen (Oct 06)
[ GLSA 200510-12 ] KOffice, KWord: RTF import buffer overflow Sune Kloppenborg Jeppesen (Oct 14)

sup3r_linux

Remote MySQL User on Cpanel Default installation with blank password sup3r_linux (Oct 29)

Tatercrispies

Re: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Tatercrispies (Oct 29)

Thierry Carrez

[ GLSA 200510-22 ] SELinux PAM: Local password guessing attack Thierry Carrez (Oct 28)
Re: [ GLSA 200510-23 ] TikiWiki: XSS vulnerability Thierry Carrez (Oct 28)
[ GLSA 200510-23 ] TikiWiki: XSS vulnerability Thierry Carrez (Oct 28)
[ GLSA 200510-10 ] uw-imap: Remote buffer overflow Thierry Carrez (Oct 12)
[ GLSA 200510-02 ] Berkeley MPEG Tools: Multiple insecure temporary files Thierry Carrez (Oct 04)
[ GLSA 200510-07 ] RealPlayer, Helix Player: Format string vulnerability Thierry Carrez (Oct 07)
[ GLSA 200510-19 ] cURL: NTLM username stack overflow Thierry Carrez (Oct 25)
[ GLSA 200510-11 ] OpenSSL: SSL 2.0 protocol rollback Thierry Carrez (Oct 12)
[ GLSA 200510-01 ] gtkdiskfree: Insecure temporary file creation Thierry Carrez (Oct 04)
[ GLSA 200510-21 ] phpMyAdmin: Local file inclusion and XSS vulnerabilities Thierry Carrez (Oct 25)
[ GLSA 200510-24 ] Mantis: Multiple vulnerabilities Thierry Carrez (Oct 28)
[ GLSA 200510-04 ] Texinfo: Insecure temporary file creation Thierry Carrez (Oct 05)
[ GLSA 200510-13 ] SPE: Insecure file permissions Thierry Carrez (Oct 15)
[ GLSA 200510-14 ] Perl, Qt-UnixODBC, CMake: RUNPATH issues Thierry Carrez (Oct 17)
[ GLSA 200510-17 ] AbiWord: New RTF import buffer overflows Thierry Carrez (Oct 20)
[ GLSA 200510-18 ] Netpbm: Buffer overflow in pnmtopng Thierry Carrez (Oct 20)
[ GLSA 200510-20 ] Zope: File inclusion through RestructuredText Thierry Carrez (Oct 25)

Thierry Zoller

Ciscos VPN-Client-Passwords can be decrypted Thierry Zoller (Oct 17)

Thomas Biege

Call for Papers - DIMVA 2006 Thomas Biege (Oct 04)

Thomas Henlich

Mozilla Thunderbird SMTP down-negotiation weakness Thomas Henlich (Oct 25)

Tim

Windows host based firewall tester Tim (Oct 18)

Tobias Glemser

Re: VoIP-Phones: Weakness in proccessing SIP-Notify-Messages Tobias Glemser (Oct 12)

Tony Finch

Re: Mozilla Thunderbird SMTP down-negotiation weakness Tony Finch (Oct 26)

Tony Jambu

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Tony Jambu (Oct 08)

Trustix Security Advisor

TSLSA-2005-0059 - multi Trustix Security Advisor (Oct 24)

Ulf Harnhammar

Lynx Remote Buffer Overflow Ulf Harnhammar (Oct 17)

unsecure

Antivirus detection bypass by special crafted archive. unsecure (Oct 08)

v9

OpenVPN[v2.0.x]: foreign_option() formart string vulnerability. v9 (Oct 31)

why

NetFlow Analyzer 4 XSS Vulnerability why (Oct 18)

Will Belcher

SECURECon 2006 Call for papers! Will Belcher (Oct 18)

Williams, James K

RE: CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability Williams, James K (Oct 20)
Re: Antivirus detection bypass by special crafted archive. Williams, James K (Oct 14)
cacam_logsecurity_win32 exploit published on 20051018 by Metasploit Williams, James K (Oct 19)
Re: Security contact for ... Williams, James K (Oct 07)
Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through forged magic byte Williams, James K (Oct 29)
CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability Williams, James K (Oct 14)

ZATAZ Audits

flexbackup default config insecure temporary file creation ZATAZ Audits (Oct 17)

zdi-disclosures

ZDI-05-001: VERITAS NetBackup Remote Code Execution zdi-disclosures (Oct 12)