Buqtraq Archiv März 2005

Date Index

Firefox Software Update, Kai Howells
- Re: Firefox Software Update, Michael Hampton
  - Re: Firefox Software Update, Stan Bubrouski
- Re: Firefox Software Update, Matt Venzke
- Re: Firefox Software Update, Beau Henderson
- Re: Firefox Software Update, Adam Kane
  - Re: Firefox Software Update, Kai Howells
    - Re: Firefox Software Update, Gilles DEMARTY
- Re: Firefox Software Update, Kurt Seifried
  - Re: Firefox Software Update, Rainer Duffner
Badblue HTTP Server Exploit, Miguel Tarascó Acuña
[ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ], JoCaNoR SeCuRiTy TeaM
- <Possible follow-ups>
- Re: [ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ], Maksymilian Arciemowicz
- [ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ], Jose Pedro Andres
Re: BizMail 2.1 Spam Exploit, Jason Frisvold
Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files, Han Boetes
- Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files, devnull
- Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files, exon
Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error, dveditz
[SIG^2 G-TEC] RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure Vulnerabilities, chewkeong
Kernelpanik Labs Digest 2005-2, Kernelpanik Labs - Security Lists
IObjectSafety and Internet Explorer, Shane Hird
phpBB <= 2.0.12 UID Exploit, federico gonzales
- Re: phpBB <= 2.0.12 UID Exploit, Nicob
OpenServer 5.0.6 OpenServer 5.0.7 : A vulnerability in TCP, please_reply_to_security
427BB profile.php XSS vulnerability., Raven
- <Possible follow-ups>
- 427BB profile.php XSS vulnerability., Raven
[KDE Security Advisory] kppp Privileged fd Leak Vulnerability, Dirk Mueller
Software PBLang 4.63 delpm.php authentication vulnerability, Raven
Software PBLang 4.63 sendpm.php reply file read vulnerability, Raven
Forumwa search.php xss vulnerability, Raven
[ GLSA 200503-01 ] Qt: Untrusted library search path, Sune Kloppenborg Jeppesen
iDEFENSE Security Advisory 03.01.05: RealNetworks RealPlayer .smil Buffer Overflow Vulnerability, Michael Sutton
PHP News <= 1.2.4 - Remote File Inclusion (VXSfx), Filip Groszynski
[ GLSA 200503-03 ] Gaim: Multiple Denial of Service issues, Sune Kloppenborg Jeppesen
[ GLSA 200503-04 ] phpWebSite: Arbitrary PHP execution and path disclosure, Thierry Carrez
[ GLSA 200503-02 ] phpBB: Multiple vulnerabilities, Thierry Carrez
[ GLSA 200502-33 ] MediaWiki: Multiple vulnerabilities, Thierry Carrez
[USN-89-1] XML library vulnerabilities, Martin Pitt
[USN-88-1] reportbug information disclosure, Martin Pitt
[USN-86-1] cURL vulnerability, Martin Pitt
[USN-87-1] Cyrus IMAP server vulnerability, Martin Pitt
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GCR Checksum Buffer Overflow, iDEFENSE Labs
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GCR Network Buffer Overflow, iDEFENSE Labs
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client/Server GETCONFIG Buffer Overflow, iDEFENSE Labs
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client PUTOLF Directory Traversal, iDEFENSE Labs
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client PUTOLF Buffer Overflow, iDEFENSE Labs
iDEFENSE Security Advisory 03.02.05: Computer Associates License Client and Server Invalid Command Buffer Overflow, iDEFENSE Labs
License Patches Are Now Available To Address Buffer Overflows, Williams, James K
[CLA-2005:926] Conectiva Security Announcement - mod_python, Conectiva Updates
RealOne Player / Real .WAV Heap Overflow File Format Vulnerability, Mark Litchfield
Foxmail server "USER" command Multiple remote buffer overflow, Xin Ouyang
[FLSA-2005:2314] Updated XFree86 packages fix security flaws, Dominic Hargreaves
[ GLSA 200503-05 ] xli, xloadimage: Multiple vulnerabilities, Thierry Carrez
Vulnerabilities in Aura CMS, echo staff
iDEFENSE Labs Releases IDA Sync, iDEFENSE Labs
Golden Ftp server 1.29 Username remote Buffer Overflow, Carlos Ulver
Security Advisory: Computalynx CProxy Server Multiple Remote Vulnerabilities, Kristof Philipsen
EEYE: Computer Associates License Manager Remote Vulnerabilities, Karl Lynn
[SECURITY BULLETIN] SSRT4866 rev.0 MUP HP OpenVMS V6.x and V7.x privileged file access, Boren, Rich (SSRT)
[XSS] paBox 1.6, Rift
Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php, Paisterist
- Re: Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php, vzmule
- <Possible follow-ups>
- Re: Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php, Some one
[USN-90-1] Imagemagick vulnerability, Martin Pitt
Re: SHA-1 broken, Pavel Machek
Microsoft AntiSpyware Beta and Windows Scripting Host, Joe Stocker
- RE: Microsoft AntiSpyware Beta and Windows Scripting Host, alex cottle
[CLA-2005:928] Conectiva Security Announcement - clamav, Conectiva Updates
TYPO3 SQL Injection vunerabilitie, Fabian Becker
- Re: TYPO3 SQL Injection vunerabilitie, Sebastian Wolfgarten
  - RE: TYPO3 SQL Injection vunerabilitie, GulfTech Security Research
  - Re: TYPO3 SQL Injection vunerabilitie, Michael Shigorin
- Re: TYPO3 3rd party extension (cmw_linklist) SQL Injection vunerability, Michael Shigorin
- <Possible follow-ups>
- Re: TYPO3 SQL Injection vunerabilitie, Dennis Shewmaker
- Re: TYPO3 SQL Injection vunerabilitie, Michael Stucki
- Re: TYPO3 SQL Injection vunerabilitie, Karsten Dambekalns
Microsoft Antispyware Beta window docking issue, Jeroen van Rijn
- Re: Microsoft Antispyware Beta window docking issue, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
My-forum.org cookies vulnerability - data bug, Black Angel
[ GLSA 200503-06 ] BidWatcher: Format string vulnerability, Sune Kloppenborg Jeppesen
[ GLSA 200503-07 ] phpMyAdmin: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
PHP News <= 1.2.4 - Remote File Inclusion Exploit, mozako
GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability, Hongzhen Zhou
- Re: GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability, Frank Denis (Jedi/Sector One)
- <Possible follow-ups>
- Re: GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability, Hongzhen Zhou
Download Center Lite (DCL) - Arbitrary File Inclusion (VXSfx), Filip Groszynski
PHP Form Mail Script (2.3) - Arbitrary File Inclusion (VXSfx), Filip Groszynski
-==phpBB 2.0.13 Full path disclosure==-, HaCkZaTaN
[ GLSA 200503-08 ] OpenMotif, LessTif: New libXpm buffer overflows, Thierry Carrez
[ GLSA 200503-09 ] xv: Filename handling vulnerability, Thierry Carrez
[ GLSA 200503-10 ] Mozilla Firefox: Various vulnerabilities, Thierry Carrez
Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2, Andrey Bayora
- Re: [Full-Disclosure] Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2, Trog
  - Re: [Full-Disclosure] Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2, Andrey Bayora
phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-, Wesley aka PPC
- Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-, Matthias
LOOKNMEET HTML INJECT EXPLOIT, Wesley aka PPC
PaX privilege elevation security bug, pageexec
MDKSA-2005:048 - Updated curl packages fix vulnerability, Mandrakelinux Security Team
MDKSA-2005:049 - Updated gaim packages fix multiple vulnerabilities, Mandrakelinux Security Team
MDKSA-2005:051 - Updated cyrus-imapd packages fix vulnerabilities, Mandrakelinux Security Team
MDKSA-2005:052 - Updated kdegraphics packages fix vulnerabilities, Mandrakelinux Security Team
MDKSA-2005:050 - Updated gftp packages fix vulnerability, Mandrakelinux Security Team
Windows Server 2003 and XP SP2 LAND attack vulnerability, Dejan Levaja
- Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, Jon O.
  - Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, Patrick Chipman
  - Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, Miroslav Kubik
  - Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, killer_loop@xxxxxxxx
  - Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, exon
- <Possible follow-ups>
- Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, paul14075
- Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, Grndahl
- Re: Windows Server 2003 and XP SP2 LAND attack vulnerability, caldcv
- RE: Windows Server 2003 and XP SP2 LAND attack vulnerability, Detection Services - IS Security
  - RE: Windows Server 2003 and XP SP2 LAND attack vulnerability, Miguel Angel Rodríguez Jódar
- RE: Windows Server 2003 and XP SP2 LAND attack vulnerability, Evans, Arian
- RE: Windows Server 2003 and XP SP2 LAND attack vulnerability, Daniel Cross
[ GLSA 200503-13 ] mlterm: Integer overflow vulnerability, Luke Macken
[SECURITY] [DSA 691-1] New abuse packages fix local root exploit, Martin Schulze
Remote Command Execution, Francisco Alisson
- Re: Remote Command Execution, BoI base
- Re: Remote Command Execution, BoI base
[ GLSA 200503-11 ] ImageMagick: Filename handling vulnerability, Thierry Carrez
[ GLSA 200503-12 ] Hashcash: Format string vulnerability, Thierry Carrez
- <Possible follow-ups>
- Re: [ GLSA 200503-12 ] Hashcash: Format string vulnerability, Hubert Chan
[Hat-Squad] Computer-Associates, License Manager POC Exploit, Hat-Squad Security Team
[FLSA-2005:1748] Updated subversion packages fix security issues, Marc Deslauriers
CIRT.DK Advisory - SafeNet Inc Sentinel License Manager 7.2.0.2 Buffer Overflow, CIRT Advisory
[FLSA-2005:2344] Updated php packages fix security issues, Marc Deslauriers
Real Realplayer 10 .smil local buffer overflow POC, nolimit bugtraq
[USN-91-1] EXIF library vulnerability, Martin Pitt
phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit, thephuket
- Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit, comsatcat
- Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit, comsatcat
thoughts and a possible solution on homograph attacks, Michael Roitzsch
- Re: thoughts and a possible solution on homograph attacks, Michael Silk
- Re: thoughts and a possible solution on homograph attacks, Kevin Day
  - Re: thoughts and a possible solution on homograph attacks, Dmitry Yu. Bolkhovityanov
    - Re: thoughts and a possible solution on homograph attacks, Michael Roitzsch
  - Re: thoughts and a possible solution on homograph attacks, Denis Jedig
- Re: thoughts and a possible solution on homograph attacks, James Youngman
- Re: thoughts and a possible solution on homograph attacks, Thomas Wana
- Re: thoughts and a possible solution on homograph attacks, Benjamin Franz
- Re: thoughts and a possible solution on homograph attacks, Dmitry Yu. Bolkhovityanov
- <Possible follow-ups>
- RE: thoughts and a possible solution on homograph attacks, Scovetta, Michael V
  - Re: thoughts and a possible solution on homograph attacks, Mike Nice
  - Re: houghts and a possible solution on homograph attacks, Sven Putteneers
    - Re: houghts and a possible solution on homograph attacks, Nick FitzGerald
    - Re: Thoughts and a possible solution on homograph attacks, Paul Smith
    - Re: Thoughts and a possible solution on homograph attacks, Riccardo Murri
    - Re: Thoughts and a possible solution on homograph attacks, Valdis . Kletnieks
    - Re: Thoughts and a possible solution on homograph attacks, khockenb
    - Re: Thoughts and a possible solution on homograph attacks, Riccardo Murri
- Re: Thoughts and a possible solution on homograph attacks, Duncan Simpson
  - Re: Thoughts and a possible solution on homograph attacks, Nick FitzGerald
Gene6 FTP Server Local Privilege Escalation Vulnerability, Sowhat
- <Possible follow-ups>
- Re: Gene6 FTP Server Local Privilege Escalation Vulnerability, Matthieu
Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability, Atom Smasher
- Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability, Atom Smasher
- Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability, Atom Smasher
  - Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability, Ryan Cummings
    - Re: Lingo VoIP ATA / UTStarcom iAN-02EX remote access vulnerability, Atom Smasher
Remote Testing SocialMPN Remote File Inclusion by y3dips, echo staff
PHP Form Mail Script <= 2.3 arbitrary file inclusion exploit exploit, mozako
vBulletin Worm - perl.Santy variant, The Prohacker
phpBB 2.0.13 - user level exploit, Some one
PHP-FUSION 5.* XSS VULNERABILITY, FireSt0rm
drone armies C&C report - Feb/2005, Gadi Evron
Re: phpGiftReq SQL Injection, Ryan Walberg
See-security advisory: Trillian Basic 3.0 PNG Processing Buffer overflow, tal zeltzer
- Argeniss - Oracle Database Server Directory transversal, Cesar
[CLA-2005:930] Conectiva Security Announcement - kernel, Conectiva Updates
PHP mcNews <= 1.3 arbitrary file inclusion (VXSfx), Filip Groszynski
phpWebLog <= 0.5.3 arbitrary file inclusion (VXSfx), Filip Groszynski
[USN-92-1] LessTif vulnerabilities, Martin Pitt
[ GLSA 200503-14 ] KDE dcopidlng: Insecure temporary file creation, Sune Kloppenborg Jeppesen
UnixWare 7.1.4 : Samba multiple security issues, please_reply_to_security
Hosting Controller Multiple Unauthenticated information disclose, small mouse
UnixWare 7.1.4 : squid updated package fixes several security issues, please_reply_to_security
iDEFENSE Labs Releases IDA RPC Enumerator, iDEFENSE Labs
Multiples Vulnerabilities, Francisco Alisson
PE Multiple Remote Access Validation Vulnerabilities (Participate Systems Inc. / Outstart Inc.), Altrus Wollesen
RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability, Walton, John Michael (John)
[SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation, pokley
[CLA-2005:931] Conectiva Security Announcement - squid, Conectiva Updates
Multiple vulnerabilities in paFileDB, sp3x
ArGoSoft FTP Server 1.4.2.8 Buffer Overflow, CorryL
failles dans ProjectBB v0.4.5.1, benji
[SECURITY] [DSA 692-1] New kppp packages fix privileged file descriptor leak, Martin Schulze
Ethereal remote buffer overflow, LSS Security
- Re: Ethereal remote buffer overflow, Gerald Combs
- Re: Ethereal remote buffer overflow, Diego Giagio
[FLSA-2005:2404] Updated less package fixes security issue, Marc Deslauriers
[USN-93-1] Squid vulnerability, Martin Pitt
RE: Ethereal remote buffer overflow - addon, LSS Security
[USN-94-1] Perl vulnerability, Martin Pitt
[Security Bulletin] SSRT4891 rev.0 HP Tru64 UNIX message queue local denial of service (DoS), Boren, Rich (SSRT)
Update: MS05-011 EEYE: Windows SMB Client Transaction Response Handling Vulnerability, Marc Maiffret
[Updated][FLSA-2005:2344] Updated php packages fix security issues, Marc Deslauriers
Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability., Bipin Gautam
- <Possible follow-ups>
- Re: Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability., secure
XCode 1.5 and distcc 2.x Exploit, Ray Slakinski
iDEFENSE Security Advisory 03.10.05: Ipswitch Collaboration Suite IMAP EXAMINE Buffer Overflow Vulnerability, iDEFENSE Labs
Wfsection 1.07 vulnerabilities, kreon
iDownload/iSearch responds to Spyware Critics, Paul Laudanski
- Re: iDownload/iSearch responds to Spyware Critics, bkfsec
UBB.threads 6 SQL Injection, kre0n
Security Masters Dojo, Dragos Ruiu
[SECURITYREASON.COM][phpBB 2.0.13 SQL error in session cXIb8O3.8], Maksymilian Arciemowicz
[ GLSA 200503-16 ] Ethereal: Multiple vulnerabilities, Luke Macken
Re: [SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x cXIb8O3.1, Linux php
[SECURITYREASON.COM] SQL injection and XSS in paFileDB, SecurityReason
[badroot.org] The Includer remote commands execution exploit, Federico Ozak
- <Possible follow-ups>
- [badroot.org] The Includer remote commands execution exploit, mozako
PhotoPost PHP 5.0 RC3, and later, multiple vulnerabilities, Igor Franchuk
Mysql CREATE FUNCTION mysql.func table arbitrary library injection, Stefano Di Paola
summercon looking for speakers, louis
Mysql CREATE FUNCTION libc arbitrary code execution., Stefano Di Paola
[ GLSA 200503-15 ] X.org: libXpm vulnerability, Matthias Geerdsen
PlatinumFTP 1.0.18 remote DoS, ports
[SECURITYREASON.COM] Mass Full Path Disclosure in paFileDB, SecurityReason
Virginity Security Advisory 2005-001 : Hola CMS - File destruction and System access, Virginity Security
aeNovo Database Content Disclosure Vulnerability, farhad koosha
KnowledgeBase, Francisco Alisson
Av issues, Bipin Gautam
- <Possible follow-ups>
- RE: Av issues, David Webster
  - Re: Av issues, Thierry Zoller
    - Re: Av issues, Yves Belle-Isle
- Re: Av issues, bipin gautam
Ethereal remote buffer overflow #2, LSS Security
[ GLSA 200503-17 ] libexif: Buffer overflow vulnerability, Luke Macken
[SECURITY] [DSA 662-2] New squirrelmail package fixes regression, Martin Schulze
[CLA-2005:933] Conectiva Security Announcement - gaim, Conectiva Updates
SUSE Security Announcement: openslp (SUSE-SA:2005:015), Sebastian Krahmer
[HAT-SQUAD] SafeNet Sentinel LM, UDP License Manager Exploit, class 101
[SECURITY] [DSA 693-1] New luxman packages fix local root exploit, Martin Schulze
LimeWire Gnutella client two vulnerabilities, Kevin Walsh
New Version of WinBlox is Available, Liu Die Yu
[ZH2005-02SA] Insecure tmp file creation in Wine, Giovanni Delvecchio
Master RPC program number data base (/etc/rpc), Eilon Gishri
SimpGB SQL Injection Vulnerability, Alexander Müller
[XSS] paBox 2.0, Rift
...::: hotforum.nl XSS exploit :::..., Rebyte Security
Ethereal 0.10.9 and below remote root exploit, Diego Giagio
3 XSS Vulnerabilities in Phorum <= 5.0.14, Jon Oberheide
[SECURITYREASON.COM] phpAdsNew 2.0.4-pr1 Multiple vulnerabilities cXIb8O3.9, Maksymilian Arciemowicz
YaBB2 rc1 XSS, alireza hassani
"Drop to STARTUP Folder II" published on 2005/02/08, Liu Die Yu
DMA[2005-0310a] - 'Frank McIngvale LuxMan buffer overflow', Kevin Finisterre
iDEFENSE Security Advisory 03.14.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities, iDEFENSE Labs
Not SQL injection and XSS in paFileDB?, saudi linux
html code include in phpnuke news crash IE 6, WoRmZ Web
- Re: html code include in phpnuke news crash IE 6, Berend-Jan Wever
Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Dr. Peter Bieringer
- Message not available
  - [Full-disclosure] Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Dr. Peter Bieringer
- <Possible follow-ups>
- Re: Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Thierry Zoller
PlantinumFTP server <= 1.0.18 Remote DOS exploit, Exoduks
- Re: PlantinumFTP server <= 1.0.18 Remote DOS exploit, Gary H. Jones II
phpbb cookie admin access, pureone
phpbb <= 2.0.12 uid vuln + admin_styles.php php code injection exploit, bad boy
SAV9 Functionality Hole - misses virus files, me3
- Re: SAV9 Functionality Hole - misses virus files, Harry Hoffman
- Re: SAV9 Functionality Hole - misses virus files, Ben Blakely
- RE: SAV9 Functionality Hole - misses virus files, batchelornpe
- <Possible follow-ups>
- RE: SAV9 Functionality Hole - misses virus files, Polazzo Justin
- RE: SAV9 Functionality Hole - misses virus files, Dewyngaert Brian Contr ANG/C4
- SAV9 Functionality Hole - misses virus files, secure
- Re: SAV9 Functionality Hole - misses virus files, patrickwm71
- Re: SAV9 Functionality Hole - misses virus files, secure
Few remote bugs in zPanel, Mik-
- <Possible follow-ups>
- Re: Few remote bugs in zPanel, Kris Anderson
Virginity Security Advisory 2005-002 : Hola CMS - Another File destruction and System access, Virginity Security
[ISR] - Novell iChain Mini FTP Server Valid User Disclosure Vulnerability, Francisco Amato
[ISR] - Novell iChain Mini FTP Server Unauthorized Remote Path Disclosure Vulnerability, Francisco Amato
[ISR] Insecure communication and Reproduce the Session authentication, Francisco Amato
Denial of Service Vulnerability in MySQL Server for Windows, Luca Ercoli
- <Possible follow-ups>
- RE: Denial of Service Vulnerability in MySQL Server for Windows, BugTrap
[ GLSA 200503-18 ] Ringtone Tools: Buffer overflow vulnerability, Luke Macken
[USN-95-1] Linux kernel vulnerabilities, Martin Pitt
UPDATE: [ GLSA 200501-38 ] Perl: rmtree and DBI tmpfile vulnerabilities, Thierry Carrez
[ISR] - Novell iChain Mini FTP Server Bruteforce Problem, Francisco Amato
Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Dr. Peter Bieringer
- Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Rodrigo Barbosa
  - Message not available
    - Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Rodrigo Barbosa
    - Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, Tomasz Papszun
- <Possible follow-ups>
- Re: [Full-disclosure] Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning, bipin gautam
GoodTech Telnet Server Buffer Overflow Vulnerability, Komrade
MDKSA-2005:053 - Updated ethereal packages fix multiple vulnerabilities, Mandrakelinux Security Team
MDKSA-2005:054 - Updated cyrus-sasl packages fix vulnerability, Mandrakelinux Security Team
MDKSA-2005:055 - Updated openslp packages fix multiple vulnerabilities, Mandrakelinux Security Team
ADVISORY: DataRescue Interactive Disassembler Pro Debugger Format String Vulnerability, Piotr Bania
Multiple KDE Security Advisories (2005-03-16), Waldo Bastian
PlatinumFTPserver format string vulnerability ( IHSTeam ), c0d3r
- Re: PlatinumFTPserver format string vulnerability ( IHSTeam ), Gary H. Jones II
SUSE Security Announcement: multiple Mozilla Firefox vulnerabilities (SUSE-SA:2005:016), Marcus Meissner
MDKSA-2005:056 - Updated koffice packages fix vulnerabilities on 64 bit platforms, Mandrakelinux Security Team
MDKSA-2005:057 - Updated gnupg packages fix vulnerability, Mandrakelinux Security Team
[CLA-2005:934] Conectiva Security Announcement - kdenetwork, Conectiva Updates
[USN-97-1] libxpm vulnerability, Martin Pitt
ASPjar Tell-a-Friend, farhad koosha
Servers Alive: Local Privilege Escalation, Michael Starks
[ GLSA 200503-20 ] curl: NTLM response buffer overflow, Sune Kloppenborg Jeppesen
[ GLSA 200503-19 ] MySQL: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
[USN-96-1] mySQL vulnerabilities, Martin Pitt
Re: GoodTech Telnet Server Buffer Overflow Vulnerability [EXPLOIT], cybertronic
LLSSRV Clarifications <Immunity>, Dave Aitel
MDKSA-2005:059 - Updated evolution packages fix crasher, Mandrakelinux Security Team
[ GLSA 200503-21 ] Grip: CDDB response overflow, Luke Macken
See-security Advisory: Format string vulnerability in MailEnable 1.8, a a
[CLA-2005:937] Conectiva Security Announcement - cyrus-imapd, Conectiva Updates
Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries() API specially crafted EMF file DOS vulnerability, Hongzhen Zhou
XSS in ACS blog, farhad koosha
PHP mcNews arbitrary file inclusion, Jonathan Whiteley
MDKSA-2005:058 - Updated kdelibs packages fix multiple vulnerabilities, Mandrakelinux Security Team
Another includer.cgi problem?, cout
[USN-98-1] OpenSLP vulnerabilities, Martin Pitt
LLSSRV Redux, Dave Aitel
Kevin Walsh: LimeWire Gnutella client two vulnerabilities, Ill will
Linux ISO9660 handling flaws, Michal Zalewski
- Re: Linux ISO9660 handling flaws, Dan Yefimov
Cain & Abel PSK Sniffer Heap overflow, Gary O'leary-Steele
Social Engineering: You Have Been A Victim, Paul Laudanski
- Re: [Full-disclosure] Social Engineering: You Have Been A Victim, Ron DuFresne
Re: Windows Security Checklists - 10 Parts, Paul Laudanski
Security Contact at RSA?, Gary O'leary-Steele
[PersianHacker.NET 200503-09]PHPOpenChat v3.x XSS Multiple Vulnerability, PersianHacker Team
myPHP Forum v1, 2 & 3, Terencentanio Enache
possible SQL injection in Subdreamer, GHC team
[USN-99-1] PHP4 vulnerabilities, Martin Pitt
runcms installation path, Majid NT
runcms highlight.php hole, Majid NT
PHP-Post Exploit, Terencentanio Enache
Java Web Start argument injection vulnerability, Jouko Pynnonen
- RE: Java Web Start argument injection vulnerability, James C Slora Jr
[phpbb <= 2.0.13 full path disclosure & directory listing], JoCaNoR SeCuRiTy TeaM
- RE: [phpbb <= 2.0.13 full path disclosure & directory listing], Paul S. Owen
IceCast up to v2.20 multiple vulnerabilities, Patrick
[ GLSA 200503-22 ] KDE: Local Denial of Service, Sune Kloppenborg Jeppesen
Ciamos Installation path(IHS), Majid NT
Ciamos Highlight.php Security Hole(IHS), Majid NT
[PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability, PersianHacker Team
- <Possible follow-ups>
- Fw: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability, Sheldon King
- Fw: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability, Sheldon King
- Re: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability, Sheldon King
OllyDbg long process Module debug Vulnerability, ATmaCA ATmaCA
[ GLSA 200503-23 ] rxvt-unicode: Buffer overflow, Sune Kloppenborg Jeppesen
[ GLSA 200503-24 ] LTris: Buffer overflow, Sune Kloppenborg Jeppesen
Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off, Eitan Caspi
- <Possible follow-ups>
- Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off, BoneMachine
- Re: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off, Eitan Caspi
- RE: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off, Scrimsher, John P
- RE: Re: Symantec Antivirus client locally created scheduled scan is not running if the local console is logged off, Eitan Caspi
[ GLSA 200503-26 ] Sylpheed, Sylpheed-claws: Message reply overflow, Luke Macken
-==CoolForum Path Disclosure & Possible SQL Injection==-, HaCkZaTaN
[CLA-2005:940] Conectiva Security Announcement - curl, Conectiva Updates
2 vulnerabilities in BetaParticle, farhad koosha
TSL-2005-0009 - multi, Trustix Security Advisor
[SECURITY] [DSA 695-1] New xli packages fix several vulnerabilities, Martin Schulze
-==PVDasm Long Name Debug Vulnerability==-, HaCkZaTaN
phpMyFamily 1.4.0 SQL vulnerabilities, kreon
- <Possible follow-ups>
- phpMyFamily 1.4.0 SQL vulnerabilities, kre0n
[ GLSA 200503-27 ] Xzabite dyndnsupdate: Multiple vulnerabilities, Thierry Carrez
[ GLSA 200503-25 ] OpenSLP: Multiple buffer overflows, Thierry Carrez
Details of Sybase ASE bugs withheld, NGSSoftware Insight Security Research
- Re: [VulnWatch] Details of Sybase ASE bugs withheld, Halvar Flake
  - Re: [VulnWatch] Details of Sybase ASE bugs withheld, David Litchfield
    - Re: [VulnWatch] Details of Sybase ASE bugs withheld, sean
- <Possible follow-ups>
- RE: Details of Sybase ASE bugs withheld, Evans, Arian
New Whitepaper: Anti Brute Force Resource Metering, Gunter Ollmann (NGS)
- Re: New Whitepaper: Anti Brute Force Resource Metering, Amit Klein (AKsecurity)
  - Re: New Whitepaper: Anti Brute Force Resource Metering, Gunter Ollmann
    - Re: New Whitepaper: Anti Brute Force Resource Metering, Amit Klein (AKsecurity)
- Re: New Whitepaper: Anti Brute Force Resource Metering, Peter J. Holzer
- <Possible follow-ups>
- Re: New Whitepaper: Anti Brute Force Resource Metering, Jason W
  - Re: New Whitepaper: Anti Brute Force Resource Metering, Joachim Schipper
  - Re: New Whitepaper: Anti Brute Force Resource Metering, Luca Berra
iDEFENSE Security Advisory 03.21.05: Mac OS X CF_CHARSET_PATH Buffer Overflow Vulnerability, iDefense Customer Service
Re: [ISN] How To Save The Internet, Jason Coombs
- RE: [ISN] How To Save The Internet, David Gillett
- <Possible follow-ups>
- Re: [ISN] How To Save The Internet, Jason Coombs
  - Re: [ISN] How To Save The Internet, Thor (Hammer of God)
- RE: [ISN] How To Save The Internet, Arndt . WA
  - Re: [ISN] How To Save The Internet, Derek Martin
SecurityForest Exploitation Framework Beta has been released!, Alon Swartz
MDKSA-2005:060 - Updated MySQL packages fix multiple vulnerabilities, Mandrakelinux Security Team
Kayako eSupport Cross Site Scripting, GulfTech Security Research
Mac OSX[CF_CHARSET_PATH]: local root exploit., Vade 79
Nortel VPN Client Issue: Clear-text password stored in memory, Roy Hills
RUXCON 2005 Call for Papers, RUXCON Call for Papers
[SECURITY] [DSA 696-1] New perl packages fix privilege escalation, Martin Schulze
Possible windows+python bug, liquid
- Re: Possible windows+python bug, Neil Schemenauer
- <Possible follow-ups>
- Re: Possible windows+python bug, azurIt
  - Re: Possible windows+python bug, Kinnell
  - RE: Possible windows+python bug, Peter Oswald
- Re: Possible windows+python bug, liquid
[ Positive Technologies #SA] Phorum "location" HTTP Response Splitting Vulnerability, Alexander Anisimov
Black Hat Briefings & Trainings: Registration now open!, Jeff Moss
- <Possible follow-ups>
- Black Hat Briefings & Trainings: Registration now open!, Jeff Moss
osCommerce File Manager Directory Traversal Vulnerability, Megasky
- Re: osCommerce File Manager Directory Traversal Vulnerability, Aikanáro Calaelen
RE: [VulnWatch] Details of Sybase ASE bugs withheld, Marchand, Tom
- Re: [VulnWatch] Details of Sybase ASE bugs withheld, sean
  - Re: [VulnWatch] Details of Sybase ASE bugs withheld, Peter J. Holzer
- RE: [VulnWatch] Details of Sybase ASE bugs withheld, Chris Wysopal
- <Possible follow-ups>
- RE: [VulnWatch] Details of Sybase ASE bugs withheld, Marchand, Tom
  - Re: [VulnWatch] Details of Sybase ASE bugs withheld, Simple Nomad
    - Re: Details of Sybase ASE bugs withheld, Jay Libove
- RE: [VulnWatch] Details of Sybase ASE bugs withheld, http-equiv@xxxxxxxxxx
root-equivalent groups, psz
Security Development Lifecycle Whitepaper Available, Michael Howard
[SIG^2 G-TEC] SurgeMail Webmail Attachment Upload and XSS Vulnerabilities, chewkeong
Backdoors in AS/400 emulations allow the server to attack connected PC workstations, Shalom Carmel
SUSE Security Announcement: ImageMagick problems (SUSE-SA:2005:017), Marcus Meissner
Notacon: Apr. 8-10, 2005 in Cleveland, OH, Froggy
Interspire ArticleLive 2005 (php version) is vulnerable to XSS, mircia mircia
Vortex Portal, Francisco Alisson
[SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11, Maksymilian Arciemowicz
Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB, Alberto Trivero
SUSE Security Announcement: several kernel security problems (SUSE-SA:2005:018), Marcus Meissner
Oracle Reports Server 10g Vulnerable to XSS, Paolo Paolo
Hashcash in mail (was: New Whitepaper: Anti Brute Force Resource Metering), Peter J. Holzer
Firescrolling 2 [Firefox 1.0.1], mikx
- Re: Firescrolling 2 [Firefox 1.0.1], John Madden
SUSE Security Announcement: MySQL vulnerabilities (SUSE-SA:2005:019), Marcus Meissner
[USN-100-1] cdrecord vulnerability, Martin Pitt
[USN-99-2] Fixed php4 packages for USN-99-1, Martin Pitt
Secure Science issues preview of their upcoming block cipher, BugTraq
- Re: Secure Science issues preview of their upcoming block cipher, Adam Shostack
  - Re: Secure Science issues preview of their upcoming block cipher, Jerrold Leichter
    - Re: Secure Science issues preview of their upcoming block cipher, Ralf-Philipp Weinmann
  - Re: Secure Science issues preview of their upcoming block cipher, David Covin
  - Re: Secure Science issues preview of their upcoming block cipher, devnull
[ GLSA 200503-29 ] GnuPG: OpenPGP protocol attack, Thierry Carrez
[ GLSA 200503-28 ] Sun Java: Web Start argument injection vulnerability, Thierry Carrez
LogicLibrary BugScan VSR,Trillian 2.0, 3.0 and 3.1, Matt Hargett
Which anti-spyware cleaner is the best?, Paul Laudanski
Security Flaw with Digital signatures in Microsoft Outlook, Roberto Franceschetti
- RE: Security Flaw with Digital signatures in Microsoft Outlook, Adrian Floarea
- Re: [bugtraq] Security Flaw with Digital signatures in Microsoft Outlook, Erwann ABALEA
  - RE: [bugtraq] Security Flaw with Digital signatures in Microsoft Outlook, Lyal Collins
- Re: Security Flaw with Digital signatures in Microsoft Outlook, Anthony G. Atkielski
- <Possible follow-ups>
- Re: Security Flaw with Digital signatures in Microsoft Outlook, dori
RX250305 - OpenMosixView : Multiple Race conditions - advisory and exploit, rexolab
phpMyDirectory 10.1.3-rel Cross site scripting, mircia mircia
smail remote and local root holes, sean
Netcomm 1300NB DSL Modem Denial of Service, Chris Rock
[FLSA-2005:2155] Updated sharutils package fixes security issues, Marc Deslauriers
[FLSA-2005:2129] Updated mysql packages fix security issues, Marc Deslauriers
- Re: [FLSA-2005:2129] Updated mysql packages fix security issues, Ventsislav Genchev
- Re: [FLSA-2005:2129] Updated mysql packages fix security issues, Ventsislav Genchev
[FLSA-2005:2268] Updated spamassassin package fixes security issues, Marc Deslauriers
[ GLSA 200503-30 ] Mozilla Suite: Multiple vulnerabilities, Thierry Carrez
[ GLSA 200503-33 ] IPsec-Tools: racoon Denial of Service, Matthias Geerdsen
TCP timestamp & advanced fingerprinting, Erwan Arzur
- <Possible follow-ups>
- RE: TCP timestamp & advanced fingerprinting, Bruce Klein
  - Re: TCP timestamp & advanced fingerprinting, Erwan Arzur
phpbb 2.0.13 Exploit (bug), tOnk3r
ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6, Gerardo Astharot Di Giacomo
- Re: ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6, Paul Laudanski
AS/400 LDAP user accounts disclosure, Shalom Carmel
QuickTime malformed JPEG buffer overflow, liquid
File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition, dcrab
Re: smail remote and local root holes (no, not really ;-), Greg A. Woods
- Re: smail remote and local root holes (no, really ;-), sean
- Re: smail remote and local root holes (really, it is exploitable), sean
Brute-Force scanning the entire 32-bit IP space using Javascript., cyber_flash
FreeBSD Security Advisory FreeBSD-SA-05:01.telnet, FreeBSD Security Advisories
iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client env_opt_add() Buffer Overflow Vulnerability, iDEFENSE Labs
iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability, iDEFENSE Labs
- Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability, Solar Designer
  - Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability, Tavis Ormandy
  - Re: iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability, Ga=EBl?= Delalleau
[CLA-2005:942] Conectiva Security Announcement - ethereal, Conectiva Updates
[ GLSA 200503-34 ] mpg321: Format string vulnerability, Sune Kloppenborg Jeppesen
Buffer-overflow in Tincat 2 minor than 2.0.28 (Sacred, Settlers 5 and others), Luigi Auriemma
Multiple sql injection, and xss vulnerabilities in Vladersoft Shopping Cart v.3.0, dcrab
Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software., dcrab
- RE: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software., GulfTech Security Research
- <Possible follow-ups>
- Re: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software., dcrab
local root security bug in linux >= 2.4.6 <= 2.4.30-rc1 and 2.6.x.y <= 2.6.11.5, advisories
Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum (E-XOOPS), dcrab
- <Possible follow-ups>
- Multiple Sql injection, and multiple XSS vulnerabilities in Easy Community Management System Forum (E-XOOPS), dcrab
[USN-101-1] telnet vulnerabilities, Martin Pitt
Multiple XSS vulnerabilities in ACS Blog, Dan Crowley
- <Possible follow-ups>
- Multiple XSS vulnerabilities in ACS Blog, Dan Crowley
Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software, dcrab
Multiple XSS issues in Sun AnswerBook2, B00B00
phishing sites report - March/2005, Gadi Evron
- Re: phishing sites report - March/2005, Paul Laudanski
  - Re: phishing sites report - March/2005, Gadi Evron
MITKRB5-SA-2005-001: buffer overflows in telnet client, Tom Yu
DoS of LAN via D-Link switches, Frank Bures
- RE: DoS of LAN via D-Link switches, David Gillett
  - Re: DoS of LAN via D-Link switches, Tarmo Mamers
    - Re: DoS of LAN via D-Link switches, Neil Watson
    - Re: DoS of LAN via D-Link switches, Joel Maslak
    - Re: DoS of LAN via D-Link switches, Scott Nelson
[SECURITY] [DSA 698-1] New mc packages fix buffer overflow, Martin Schulze
THai's Shoutbox XSS (Spoofing URL) BUG, CorryL
[SECURITY] [DSA 699-1] New netkit-telnet-ssl packages fix arbitrary code execution, Martin Schulze
[USN-102-1] shar vulnerabilities, Martin Pitt
Multiple sql injection, and xss vulnerabilities in AspApp, dcrab
directory traversal in FastStone 4in1 Browser 1.2, Donato Ferrante
Invision Power Board v2.0.3 XSS vulnerabilities, hoang yen
- RE: Invision Power Board v2.0.3 XSS vulnerabilities, alex
Multiple sql injection, and xss vulnerabilities in PortalApp, dcrab
Code insertion in Blogger comments, Antone Roundy
- <Possible follow-ups>
- Code insertion in Blogger comments, Antone Roundy
[SECURITY] [DSA 697-1] New netkit-telnet packages fix arbitrary code execution, Martin Schulze
[PersianHacker.NET 200503-12]Chatness 2.5.1 and prior XSS Vulnerabilities, PersianHacker Team
abuse & security issues > Israel, Gadi Evron
Multiple phpCoin Vulnerabilities, GulfTech Security Research
[PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior Multiple Vulnerbilities, PersianHacker Team
Portcullis Security Advisory 05-011 ACPI 1.6 BIOS, Paul J Docherty
- Re: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS, Kurt Seifried
- Re: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS, Chris Paget
- <Possible follow-ups>
- RE: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS, Paul J Docherty
- RE: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS, Paul J Docherty
MDKSA-2005:061 - Updated krb5 packages fix telnet client vulnerability, Mandrakelinux Security Team
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack, Cisco Systems Product Security Incident Response Team
[ GLSA 200503-35 ] Smarty: Template vulnerability, Thierry Carrez
[SECURITY] [DSA 700-1] New mailreader packages fix cross-site scripting vulnerability, Martin Schulze
PaFileDB Version 3.1 and below are exploitable via a XSS and a SQL injection vulnerability, dcrab
Multiple sql injection, and xss vulnerabilities in Pay pal Storefront, Diabolic Crab
[CLA-2005:945] Conectiva Security Announcement - kernel, Conectiva Updates
[SECURITY] [DSA 701-1] New samba packages fix arbitrary code execution, Martin Schulze
bzip2 TOCTOU file-permissions vulnerability, Imran Ghory
cPanel/WHM demo account problems, Richard Stanway
- <Possible follow-ups>
- Re: cPanel/WHM demo account problems, Darren
Vendor Response to Portculis Advisory 05-002: Spectrum Cash Receipting System, Paul J Docherty
[ GLSA 200503-36 ] netkit-telnetd: Buffer overflow, Thierry Carrez
MDKSA-2005:064 - Updated libexif packages fix vulnerability, Mandrakelinux Security Team
[ GLSA 200503-37 ] LimeWire: Disclosure of sensitive information, Thierry Carrez
MX Shop 1.1.1 and MX Kart 1.1.2 are vulnerable to multiple SQL injection vulnerabilities, dcrab
MDKSA-2005:062 - Updated ipsec-tools packages fix vulnerability, Mandrakelinux Security Team
MDKSA-2005:063 - Updated htdig packages fix vulnerability, Mandrakelinux Security Team
Bay Technical Associates telnet server logon bypass, nolimit bugtraq
- Re: Bay Technical Associates telnet server logon bypass, Michael Brennen
RE: eBay Account Phishing with eBay Redirect - Ebay fixed this + related XSS hole, Rager, Anton (Anton)
WindowsXP malformed .wmf files DoS, liquid
(PAPER) "Vision of danger: The Firefox Greasemonkey", Piotr Bania
[HV-HIGH] Microsoft Jet DB engine vulnerabilities, vuln
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities, Thor (Hammer of God)
Security holes in the iTunes Music Store, Charles M. Hannum
iDEFENSE Security Advisory 03.31.05: PHP getimagesize() Multiple Denial of Service Vulnerabilities, iDEFENSE Labs

Mail converted by MHonArc