Buqtraq Archiv August 2005

Date Index

[ GLSA 200508-01 ] Compress::Zlib: Buffer overflow, Sune Kloppenborg Jeppesen
[SVadvisory] - SQL injection in OpenBook 1.2.2, svt
The Java applet sandbox and stateful firewalls, Florian Weimer
- Re: [VulnWatch] The Java applet sandbox and stateful firewalls, Dinis Cruz
  - Re: [VulnWatch] The Java applet sandbox and stateful firewalls, Florian Weimer
PHPList Vunerability, ziot
Buffer overflow in BusinessMail email server system 4.60.00, Reed Arvin
[SECURITY] [DSA 771-1] New pdns packages fix denial of service, Martin Schulze
ChurchInfo Multiple Vulnerabilities, thegreatone2176
TSLSA-2005-0038 - multi, Trustix Security Advisor
Vulnerability in Trendmicro Officescan, sylvain . roger
Re: Peter Gutmann data deletion theaory?, Michael Sierchio
ICMP attacks against TCP: Conclusions, Fernando Gont
- Re: ICMP attacks against TCP: Conclusions, Dan Yefimov
  - Re: ICMP attacks against TCP: Conclusions, Damien Miller
RE: uguestbook exploit, Earnhart, Benjamin J
- <Possible follow-ups>
- Re: uguestbook exploit, security curmudgeon
Re: [BugTraq] Peter Gutmann data deletion theaory?, Richard Clayton
[USN-157-1] Mozilla Thunderbird vulnerabilities, Martin Pitt
MySQL Eventum Multiple Vulnerabilities, GulfTech Security Research
[USN-158-1] gzip utility vulnerability, Martin Pitt
[ GLSA 200507-28 ] AMD64 x86 emulation base libraries: Buffer overflow, Thierry Carrez
RE: On classifying attacks, Forte Systems - Iosif Peterfi
- RE: On classifying attacks, Tim Nelson
  - RE: On classifying attacks, Forte Systems - Iosif Peterfi
- Re: On classifying attacks, Thierry Carrez
- <Possible follow-ups>
- Re: On classifying attacks, Daniel Weber
  - Re: On classifying attacks, Shwaine
  - Re: On classifying attacks, Duncan Simpson
- Re: On classifying attacks, Crispin Cowan
[USN-159-1] unzip vulnerability, Martin Pitt
Re: LSS Security Advisory: Winamp remote buffer overflow vulnerability, ljuranic
[security bulletin] SSRT5931 rev.1 Apache on HP-UX Remote Denial of Service and client restriction bypass, security-alert
[ GLSA 200508-02 ] ProFTPD: Format string vulnerabilities, Sune Kloppenborg Jeppesen
unzip TOCTOU file-permissions vulnerability, Imran Ghory
Re: Trillian Ver 3.1 saves password's in plain Text, security curmudgeon
- RE: Trillian Ver 3.1 saves password's in plain Text, Darren Pilgrim
- Re: Trillian Ver 3.1 saves password's in plain Text, Technica Forensis
  - Re: Trillian Ver 3.1 saves password's in plain Text, Technica Forensis
- <Possible follow-ups>
- Re: Trillian Ver 3.1 saves password's in plain Text, Suramya Tomar
- RE: Trillian Ver 3.1 saves password's in plain Text, Keith Phillips
  - Re: Trillian Ver 3.1 saves password's in plain Text, patrick
Arab Portal, ABDUCTER_MINDS
HACK IN THE BOX SECURITY CONFERENCE 2005, alphademon
Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities), [at]
- <Possible follow-ups>
- Re: Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities), brom0815
VBZoom Cross Site Scripting Vulnerabilities, almaster
Re: Re : [Firefox Bug 302187] New: Shared section vulnerability when opening microsoft office document resulting in DoS, Cesar
[ GLSA 200508-03 ] nbSMTP: Format string vulnerability, Thierry Carrez
CAID 33239 - Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability, Williams, James K
- <Possible follow-ups>
- RE: CAID 33239 - Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability, Williams, James K
[NOBYTES.COM: #8] Naxtor Shopping Cart 1.0 - Information Disclosure & Possible SQL Injection, John Cobb
- Re: [NOBYTES.COM: #8] Naxtor Shopping Cart 1.0 - Information Disclosure & Possible SQL Injection, Patrick Morris
  - Re: [NOBYTES.COM: #8] Naxtor Shopping Cart 1.0 - Information Disclosure & Possible SQL Injection, ICool
- <Possible follow-ups>
- Re: [NOBYTES.COM: #8] Naxtor Shopping Cart 1.0 - Information Disclosure & Possible SQL Injection, devfreedom
[security bulletin] SSRT5998 Rev.0 HP System Management Homepage (v2.0.x) Denial of Service (DoS) & XSS, security-alert
Zip 2,31 bad default file-permissions vulnerability, Imran Ghory
- Re: Zip 2,31 bad default file-permissions vulnerability, Lupe Christoph
  - Re: Zip 2,31 bad default file-permissions vulnerability, Imran Ghory
    - Re: Zip 2,31 bad default file-permissions vulnerability, Lupe Christoph
    - Re: Zip 2,31 bad default file-permissions vulnerability, Stephen C Woods
    - Re: Zip 2,31 bad default file-permissions vulnerability, Lupe Christoph
iDEFENSE Security Advisory 08.02.05: CA BrightStor ARCserve Backup Agent for MS SQL Server Buffer Overflow, iDEFENSE Labs
[SECURITY] [DSA 772-1] New apt-cacher package fixes arbitrary command execution, Martin Schulze
MDKSA-2005:128 - Updated mozilla packages fix multiple vulnerabilities, Mandriva Security Team
Coldfusion Fusebox V4.1.0 Vulnerability, N.N.P
- <Possible follow-ups>
- Re: Coldfusion Fusebox V4.1.0 Vulnerability, Ian Mitchell
- Re: Coldfusion Fusebox V4.1.0 Vulnerability, steven
Re: CAID 33239 - Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability, cybertronic
Silvernews 2.0.3 (possibly previous versions ) SQL Injection / Login Bypass / Remote commands execution / cross site scripting, retrogod
[security bulletin] SSRT4682 rev.0 - Oracle for Openview (OfO) Critical Patch Update July 2005, security-alert
Re: ClamAV Multiple Rem0te Buffer Overflows, Steven M. Christey
- <Possible follow-ups>
- Re: ClamAV Multiple Rem0te Buffer Overflows, list
Zone Alarm Security Contact, David Cross
- Message not available
  - Cisco IOS Shellcode - McAfee IPS Protection, planz 235
- Re: Zone Alarm Security Contact, security curmudgeon
Microsoft ActiveSync information leak and spoofing, 3APA3A
SUSE Security Announcement: several kernel security problems (SUSE-SA:2005:044), Ludwig Nussel
[USN-160-1] Apache 2 vulnerabilities, Martin Pitt
Scanning Software Bugs, Dan . Creed
- Re: Scanning Software Bugs, KF (lists)
[ GLSA 200507-29 ] pstotext: Remote execution of arbitrary code, Stefan Cornelius
FINAL Phrack Magazine release #63 is OUT, phrackstaff
SQL IN PortailPHP, ABDUCTER_MINDS
- <Possible follow-ups>
- Re: SQL IN PortailPHP, Steven M. Christey
[USN-161-1] bzip2 utility vulnerability, Martin Pitt
Re: Re: Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities), asierillo
MDKSA-2005:129 - Updated apache2 packages fix vulnerabilities, Mandriva Security Team
MDKSA-2005:130 - Updated apache packages fix vulnerabilities, Mandriva Security Team
Remote Password Compromise of Microsoft Active Sync 3.7.1, nospam
MDKSA-2005:131 - Updated ethereal packages fix multiple vulnerabilities, Mandriva Security Team
Silvernews 2.0.3 remote command execution exploit, proxy server support!, [at]
[HSC Security Group] Multiple XSS in phpopenchat 3.0.2, zinho
FlatNuke 2.5.5 (possibly prior versions) remote commands execution / cross site scripting / path disclosure (by rgod), retrogod
TSLSA-2005-0040 - multi, Trustix Security Advisor
Comdev eCommerce config.php Vulnerability, none
tar preserves setuid bit, Imran Ghory
ipb Css bug(now public), virusishacker
- <Possible follow-ups>
- Re: ipb Css bug(now public), mattmecham
  - Re: ipb Css bug(now public), Nicolas Gregoire
Defeating Citi-Bank Virtual Keyboard Protection, Debasis Mohanty
Comdev eCommerce wce.download.php Download Vulnerability, none
Root exploits in Lantonix Secure Console Server, c0ntex
Vulnerability in ePing and eTrace plugins of e107, os2a . bto
[ GLSA 200508-04 ] Netpbm: Arbitrary code execution in pstopnm, Thierry Carrez
[ GLSA 200508-05 ] Heartbeat: Insecure temporary file creation, Sune Kloppenborg Jeppesen
Gravity Board X v1.1 multiple vulnerabilities, retrogod
SQL IN Open Bulletin Board, ABDUCTER_MINDS
E107 + IPB XSS Exploit, edward11
Advisory 13/2005: Remote code execution in SysCP, Christopher Kunz
iDEFENSE Security Advisory 08.05.05: EMC Navisphere Manager Directory Traversal Vulnerability, iDEFENSE Labs
XSS in forums CFBB v1.1.0, stormhacker
[SVadvisory#13] - SQL injection in MYFAQ 1.0, svt
[AppSecInc Advisory MYSQL05-V0002] Buffer Overflow in MySQL User Defined Functions, Team SHATTER
[DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue, Uwe Hermann
Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability, Stefan Esser
Advisory 14/2005: PEAR XML_RPC Remote PHP Code Injection Vulnerability, Stefan Esser
Vulnerability found in CPAINT Ajax Toolkit, wiley14
- <Possible follow-ups>
- RE: Vulnerability found in CPAINT Ajax Toolkit, Thor Larholm
[SECURITY] [DSA 761-2] New heartbeat packages fix insecure temporary files, Martin Schulze
drone armies C&C report - July/2005, Gadi Evron
[SECURITY] [DSA 775-1] New Mozilla packages fix frame injection spoofing vulnerability, Martin Schulze
[ GLSA 200508-06 ] Gaim: Remote execution of arbitrary code, Sune Kloppenborg Jeppesen
Technical Note by Amit Klein: Detecting and Preventing HTTP Response Splitting and HTTP Request Smuggling Attacks at the TCP Le, Amit Klein (AKsecurity)
Serious flaw in Linksys wireless AP password security, Steve Scherf
- <Possible follow-ups>
- Serious flaw in Linksys wireless AP password security, Steve Scherf
- RE: Serious flaw in Linksys wireless AP password security, Robert Thompson Jr.
  - Re: Serious flaw in Linksys wireless AP password security, Steve Scherf
- RE: Serious flaw in Linksys wireless AP password security, Robert Thompson Jr.
Re: FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover,possible remote code execution, colin
MDKSA-2005:139 - Updated gaim packages fix yet more vulnerabilities, Mandriva Security Team
Corsaire Security Advisory: HP Ignite-UX passwd file disclosure issue, advisories
MDKSA-2005:140 - Updated proftpd packages fix format string vulnerabilities, Mandriva Security Team
249bytes reverse shellcode with "nooil tricks methods", msuiche
Corsaire Security Advisory: HP Ignite-UX filesystem permissions issue, advisories
[SECURITY] [DSA 776-1] New clamav packages fix several problems, Martin Schulze
SUSE Security Announcement: apache, apache2 request smuggling problem (SUSE-SA:2005:046), Marcus Meissner
[NOBYTES.COM: #9] ECW Shop 6.0.2 - Multiple Vulnerabilities, John Cobb
[ GLSA 200508-07 ] AWStats: Arbitrary code execution using malicious Referrer information, Sune Kloppenborg Jeppesen
[ GLSA 200508-08 ] Xpdf, Kpdf, GPdf: Denial of Service vulnerability, Sune Kloppenborg Jeppesen
SQL injection in Persianblog, alireza hassani
- Re: SQL injection in Persianblog, nummish
Hummingbird FTP Weak Password Encryption, nnposter
Re: [Full-disclosure] Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3), NoBrain NoPain
- Re: [Full-disclosure] Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3), Reed Arvin
  - Re: [Full-disclosure] Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3), sec-list
Win32 Port of Nessusd, Tom Stracener
- Re: Win32 Port of Nessusd, Michael Boman
[security bulletin] SSRT4874 rev.0 - HP-UX Ignite-UX Remote Unauthorized Access, Boren, Rich (HP SSRT)
Cisco Security Advisory: Cisco Clean Access Unauthenticated API Access, Cisco Systems Product Security Incident Response Team
NOVL-2005010098073 GroupWise Password Caching, Ed Reed
[SECURITYREASON.COM] phpAdsNew/phpPgAds 2.0.5 Local file inclusion cXIb8O3.16, max
Buffer-overflow in Chris Moneymaker's World Poker Championship 1.0, Luigi Auriemma
SQL injection in mediabox404 v1.2, cedric
[SECURITY] [DSA 777-1] New Mozilla packages fix frame injection spoofing vulnerability, Martin Schulze
- Re: [SECURITY] [DSA 777-1] New Mozilla packages fix frame injection spoofing vulnerability, Douglas Duckworth
PHPTB Topic Board <= 20: Multiple PHP injection vulnerabilities, goszynskif
Unicode Buffer Overflow in WinFtp Server 1.6.8, Donato Ferrante
- Bypassing the new /GS protection in VC++ 7.1, D K
[PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities, Matteo Beccati
[ GLSA 200508-09 ] bluez-utils: Bluetooth device name validation vulnerability, Sune Kloppenborg Jeppesen
MSN Messenger Password Decrypter for WinXP/2003, ViPeR
Internet Explorer 6 Meta Refresh Parsing Weakness, Moritz Naumann
Juniper Netscreen VPN Username Enumeration Vulnerability, Roy Hills
Bluez hcid popen() explained., KF (lists)
mutt buffer overflow, Peter Valchev
- Re: [Full-disclosure] mutt buffer overflow, Frank Denis (Jedi/Sector One)
Zorum 3.5 remote code execution poc exploit, retrogod
Password Disclosure in Whisper32, Alexey Agapov
Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product, Jason Coombs
- Re: Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product, Jay D. Dyson
  - Re: Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product, Zow
BBCaffe 2.0 cross site scripting poc, retrogod
MDKSA-2005:143 - Updated kdegraphics packages fix kfax vulnerability, Mandriva Security Team
MDKSA-2005:142 - Updated libtiff packages fixes vulnerability, Mandriva Security Team
MDKSA-2005:141 - Updated evolution packages fixes format string vulnerabilities, Mandriva Security Team
runcms highlight.php hole, Security Lists
PHPFreeNews V1.40 and prior Multiple Vulnerabilities, h4cky0u
DevC++ V.4.9.9.2 NULL BYTE INSERTION / OBFUSCATION FLAW (by rgod), retrogod
MDKSA-2005:144 - Updated wxPythonGTK packages several vulnerabilities, Mandriva Security Team
UnixWare 7.1.4 UnixWare 7.1.3 : cpio race condition and directory traversal issues fixed., please_reply_to_security
ATutor 1.5.1 and prior multiple XSS Vulnerabilities, h4cky0u
w-agora 4.2.0 and prior Remote Directory Travel Vulnerability, h4cky0u
Fwd: Tor security advisory: DH handshake flaw, Chris Palmer
WinAce Temporary File Parsing Buffer Overflow Vulnerability, atmaca
[SECURITY] [DSA 778-1] New mantis packages fix several vulnerabilities, Martin Schulze
Cisco Clean Access Agent (Perfigo) bypass, llhansen-bugtraq
- <Possible follow-ups>
- RE: Cisco Clean Access Agent (Perfigo) bypass, Dario Ciccarone (dciccaro)
- RE: Cisco Clean Access Agent (Perfigo) bypass, Dario Ciccarone (dciccaro)
- Re: RE: Cisco Clean Access Agent (Perfigo) bypass, cdmiller-bugtraq
[USN-170-1] gnupg vulnerability, Martin Pitt
[ GLSA 200508-10 ] Kismet: Multiple vulnerabilities, Sune Kloppenborg Jeppesen
Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal, Secunia Research
[USN-169-1] Linux kernel vulnerabilities, Martin Pitt
[ GLSA 200508-11 ] Adobe Reader: Buffer Overflow, Thierry Carrez
Vul in MyBB, s2b
IBM Lotus Notes multiple disclosures of password hashes, Shalom Carmel
Woltlab Burning Board <= 2.2.2/2.3.3 modcp.php SQL injection, admin
[USN-171-1] PHP4 vulnerabilities, Martin Pitt
[SECURITY] [DSA 779-1] New Mozilla Firefox packages fix several vulnerabilities, Martin Schulze
Bugs Land Down Under v800, bl2k
ToorCon 7 Lineup Finalized & Pre-Registration Ending, h1kari@xxxxxxxxxxx
Nephp Publisher Enterprise 3.04 Cross Site Scripting, bl2k
SUSE Security Announcement: Adobe Reader Plugin buffer overflow (SUSE-SA:2005:047), Marcus Meissner
ELM < 2.5.8 Remote Exploit POC, c0ntexb
- <Possible follow-ups>
- Re: ELM < 2.5.8 Remote Exploit POC, skulls_phantoms_1
Cisco Security Advisory: SSL Certificate Validation Vulnerability in IDS Management Software, Cisco Systems Product Security Incident Response Team
DMA[2005-0818a] - 'Apple OSX dsidentity privilege abuse', KF (lists)
Cisco Security Advisory: Cisco Intrusion Prevention System Vulnerable to Privilege Escalation, Cisco Systems Product Security Incident Response Team
SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1, phuket
[SECURITYREASON.COM] Multiple vulnerabilities in PostNuke 0.760-RC4b=>x cXIb8O3.15, max
Remote IIS 5.x and IIS 6.0 Server Name Spoof, inge_eivind . henriksen
- Re: Remote IIS 5.x and IIS 6.0 Server Name Spoof, 3APA3A
- <Possible follow-ups>
- RE: Remote IIS 5.x and IIS 6.0 Server Name Spoof, Sacha Faust
[ Suresec Advisories ] - Several MacOS X vulnerabilities, Suresec Advisories
32919 - Computer Associates Message Queuing (CAM/CAFT) multiple vulnerabilities, Williams, James K
[SECURITY] [DSA 781-1] New Mozilla Thunderbird packages fix several vulnerabilities, Martin Schulze
[SECURITY] [DSA 782-1] New bluez-utils packages fix arbitrary command execution, Martin Schulze
MDKSA-2005:145 - Updated openvpn packages fix several vulnerabilities, Mandriva Security Team
MDKSA-2005:146 - Updated php-pear packages fix more PEAR XML-RPC vulnerabilities, Mandriva Security Team
MDKSA-2005:148 - Updated vim packages fix vulnerability, Mandriva Security Team
Oracle Password Checker, ak
[ GLSA 200508-12 ] Evolution: Format string vulnerabilities, Stefan Cornelius
Server crash in Ventrilo 2.3.0, Luigi Auriemma
Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users, kozan
- Re: Mercora IMRadio 4.0.0.0 Discloses Passwords to Local Users, 3APA3A
[USN-172-1] lm-sensors vulnerability, Martin Pitt
[USN-173-1] PCRE vulnerability, Martin Pitt
ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users, kozan
- Re: ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users, Allen Parker
  - Re: ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users, Nick Boyce
    - Re: ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users, Nicholas Knight
Re: Interspire ArticleLive 2005 (php version) is vulnerable to XSS, eddie
MDKSA-2005:147 - Updated slocate packages fix vulnerability, Mandriva Security Team
[RLSA_01-2005] QNX inputtrap arbitrary file read vulnerability, julio
New Whitepaper - The Pharming Guide, NGSSoftware Insight Security Research
Multiple Vulnerabilities in Home Ftp Server 1.0.7, Donato Ferrante
Cross-site scripting vulnerability in BEA WebLogic administration console, GomoR
Secunia Research: SqWebMail Attached File Script Insertion Vulnerability, Secunia Research
PaFileDB 3.1 - SQL-Injection, astovidatu
Secunia Research: HAURI Anti-Virus ACE Archive Handling Buffer Overflow, Secunia Research
Re: Beehive Forum Multiple Vulnerabilities, wibble
[SECURITY] [DSA 783-1] New mysql packages fix insecure temporary file, Martin Schulze
LeapFTP .lsq Buffer Overflow Vulnerability, Sowhat .
- Re: LeapFTP .lsq Buffer Overflow Vulnerability, Kaveh Razavi
  - Re: LeapFTP .lsq Buffer Overflow Vulnerability, Damien Palmer
    - Re: LeapFTP .lsq Buffer Overflow Vulnerability, Kaveh Razavi
Foojan PHP Weblog Information Disclosure - Refferer Html Injection, ali202
unload event in ie/mozilla/opera, Tobias Boonstoppel
- RE: unload event in ie/mozilla/opera, David Gillett
  - Re: unload event in ie/mozilla/opera, Drew Haven
    - Re: unload event in ie/mozilla/opera, Tobias Boonstoppel
  - Re: unload event in ie/mozilla/opera, Niels Bakker
    - Re: unload event in ie/mozilla/opera, Godwin Stewart
    - Re: unload event in ie/mozilla/opera, Michael Shigorin
- Re: unload event in ie/mozilla/opera, Stefan Kelm
- <Possible follow-ups>
- RE: unload event in ie/mozilla/opera, Early, Clint
- Re: unload event in ie/mozilla/opera, gegegz
[ GLSA 200508-13 ] PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability, Thierry Carrez
[USN-173-2] PCRE vulnerability, Martin Pitt
[ GLSA 200508-14 ] TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC, Thierry Carrez
- Re: [ GLSA 200508-14 ] TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC, Cangrejito Playero
Advisory: iTAN not as secure as claimed, release
[ GLSA 200508-15 ] Apache 2.0: Denial of Service vulnerability, Sune Kloppenborg Jeppesen
[SECURITY] [DSA 784-1] New courier packages fix denial of service, Martin Schulze
Portcullis Security Advisory 05-014 HP Openview Remote Command Execution Vulnerability, Paul J Docherty
- Re: Portcullis Security Advisory 05-014 HP Openview Remote Command Execution Vulnerability, David Litchfield
[SECURITY] [DSA 785-1] New libpam-ldap packages fix authentication bypass, Martin Schulze
MS05_039 Exploitation (different languages), Roman Medina-Heigl Hernandez
- Re: [Full-disclosure] MS05_039 Exploitation (different languages), ad
- Re: MS05_039 Exploitation (different languages), Fabrice MOURRON
[ GLSA 200508-17 ] libpcre: Heap integer overflow, Stefan Cornelius
[security bulletin] SSRT4702 rev.0 - HP-UX running Veritas 3.3/3.5 unauthorized data access, Boren, Rich (HP SSRT)
Tool for Identifying Rogue Linksys Routers, Martin Mkrtchian
- Re: Tool for Identifying Rogue Linksys Routers, Joshua Wright
- Re: Tool for Identifying Rogue Linksys Routers, Mike Frantzen
- Re: Tool for Identifying Rogue Linksys Routers, Graham Wilson
  - Re: Tool for Identifying Rogue Linksys Routers, Volker Tanger
  - Re: Tool for Identifying Rogue Linksys Routers, Mike Kershaw
- Re: Tool for Identifying Rogue Linksys Routers, Dave Hull
- Re: Tool for Identifying Rogue Linksys Routers, Tony Rall
- <Possible follow-ups>
- RE: Tool for Identifying Rogue Linksys Routers, Thomas Guyot-Sionnest
- RE: Tool for Identifying Rogue Linksys Routers, Matt Mercer
  - Re: Tool for Identifying Rogue Linksys Routers, Paul Halliday
Quake 2 Lithium Mod V 1.24 Macro Expansion Vuln?, nukemmeister
CORRECTION: Remote IIS 5.x and IIS 6.0 Server Name Spoof, Mark Burnett
An Illustrated Guide to IPSec, Steve Friedl
[ GLSA 200508-16 ] Tor: Information disclosure, Sune Kloppenborg Jeppesen
ssl-login-checkbox faked in Lycos webmail-frontend, Fischer, Andreas
Tool Announcement: AIRT -- the Advanced Incident Response Tool 0.4.2 released, madsys
Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness, oliver karow
[USN-174-1] courier vulnerability, Martin Pitt
22nd Chaos Communication Congress 2005: Call for Papers, fukami
[SECURITY] [DSA 787-1] New backup-manager package fixes several vulnerabilities, Martin Schulze
MDKSA-2005:152 - Updated php packages fix integer overflow vulnerability, Mandriva Security Team
AWstats Path Disclosure Vulnerability, fournaux
[security bulletin] SSRT051023 rev.0 - HP Openview Network Node Manager (OV NNM) Remote Unauthorized Access, Boren, Rich (HP SSRT)
MDKSA-2005:150 - Updated bluez-utils packages fix vulnerability, Mandriva Security Team
[ GLSA 200508-18 ] PhpWiki: Arbitrary command execution through XML-RPC, Thierry Carrez
MDKSA-2005:151 - Updated pcre packages fix integer overflow vulnerability, Mandriva Security Team
Multiple PHP Images Galleries EXIF Metadata XSS Vulnerabilities, Cedric Cochin
Simple PHP Blog File Upload and User Credentials Exposure Vulnerabilities, Scott Dewey
[SECURITY] [DSA 786-1] New simpleproxy packages fix arbitrary code execution, Martin Schulze
DMA[2005-0826a] - 'Nokia Affix Bluetooth btsrv poor use of popen()', KF (lists)
MDKSA-2005:149 - Updated lm_sensors packages fix temporary file vulnerability, Mandriva Security Team
Sophos Antivirus Library Remote Heap Overflow, list
- <Possible follow-ups>
- RE: Sophos Antivirus Library Remote Heap Overflow, Dowling, Gabrielle
- Re: Sophos Antivirus Library Remote Heap Overflow, list
Looking Glass v20040427 arbitrary commands execution / cross site scripting, retrogod
MDKSA-2005:154 - Updated python packages fix integer overflow vulnerability, Mandriva Security Team
MDKSA-2005:153 - Updated gnumeric packages fix integer overflow vulnerability, Mandriva Security Team
XSS security hole in phpwebnotes., nf2
Multiple CMS/Forum Vulnablilties, pacifico\", 0] //--></script>a
Xcon2005 papers released, alert7
PHP-Fusion <= v6.00.107 XSS exploit, slacker4ever_1
FUD Forum < 2.7.1 PHP code injection vurnelability, riklaunim
Land Down Under, bendeniz_avci
Secunia Research: SqWebMail HTML Emails Script Insertion Vulnerability, Secunia Research
Multiple vulnerabilities in BFCommand & Control for Battlefield 1942 and Vietnam, Luigi Auriemma
[cosmoshop <= 8.10.78] be the shopadmin in one step, innate
SimplePHPBlog Arbitrary File Deletion and Sample Exploit, 'ken'@FTU
- <Possible follow-ups>
- SimplePHPBlog Arbitrary File Deletion and Sample Exploit, 'ken'@FTU
[SECURITY] [DSA 788-1] New kismet packages fix arbitrary code execution, Martin Schulze
Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities, h4cky0u . org
Vulnerability in Helpdesk software Hesk 0.92, s2b
- Re: Vulnerability in Helpdesk software Hesk 0.92, Thomas Krüger
- <Possible follow-ups>
- Re: Vulnerability in Helpdesk software Hesk 0.92, not
WASC-Articles: 'Preventing Log Evasion in IIS', contact
PunBB BBCode IMG Tag Script Injection Vulnerability, y3dips
- Re: PunBB BBCode IMG Tag Script Injection Vulnerability, Aaron Horst
Member.php SQL Injection in MyBB, W7ED
[SECURITY] [DSA 789-1] New PHP 4 packages fix several vulnerabilities, Martin Schulze
AutoLinks Pro 2.1, none
SUSE Security Announcement: php4/php5 Pear::XML_RPC code injection and PCRE integer overflow problems (SUSE-SA:2005:049), Marcus Meissner
BNBT EasyTracker Remote Denial of Service Vulnerability, Sowhat .
SUSE Security Announcement: pcre integer overflows (SUSE-SA:2005:048), Marcus Meissner
iDEFENSE Security Advisory 08.29.05: Adobe Version Cue VCNative Arbitrary Library Loading Vulnerability, iDEFENSE Labs
iDEFENSE Security Advisory 08.29.05: Adobe Version Cue VCNative Arbitrary File Overwrite Vulnerability, iDEFENSE Labs
iDEFENSE Security Advisory 08.29.05: Symantec AntiVirus 9 Corporate Edition Local Privilege Escalation Vulnerability, iDEFENSE Labs
phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions) system disclosure,, retrogod
[USN-173-3] Fixed apache2 packages for USN-173-2, Martin Pitt
[ GLSA 200508-19 ] lm_sensors: Insecure temporary file creation, Thierry Carrez
[ GLSA 200508-20 ] phpGroupWare: Multiple vulnerabilities, Thierry Carrez
e107 0.6 forum_post.php create new topics in non-existing forums, Marc Ruef
[UNTRUE] Gadu-Gadu supposedly fixed the invisible detection vulnerability?, Maciej Soltysiak
[SECURITY] [DSA 790-1] New phpldapadmin packages fix unauthorised access, Martin Schulze
Fetchmail 6.2.5 exploit for Bugtraq ID: 14349, bannedit
[SECURITY] [DSA 791-1] New maildrop packages fix arbitrary group mail command execution, Martin Schulze
MS05-042 Security Update Problems, Andrew McCullough
Call for new mailing lists @ SecurityFocus, Alfred Huger
secure client-side platform, liudieyu
- <Possible follow-ups>
- RE: secure client-side platform, Beauford, Jason
[security bulletin] SSRT051004 rev.0 - HP-UX Java Runtime Environment (JRE) Untrusted Applet Elevates Privilege, security-alert
[ GLSA 200508-22 ] pam_ldap: Authentication bypass vulnerability, Sune Kloppenborg Jeppesen
Indiatimes Messenger 6.0 Buffer Overflow (Remote), ViPeR
[ GLSA 200508-21 ] phpWebSite: Arbitrary command execution through XML-RPC and SQL injection, Sune Kloppenborg Jeppesen
[SECURITY] [DSA 792-1] New pstotext packages fix arbitrary command execution, Martin Schulze
[security bulletin] SSRT051003 rev.0 - HP-UX Java Web Start remote unauthorized privileged access, security-alert
XSS in GreyMatter blog, poizon
Obsidis #1 Call for Papers, angelo
Simple Machine Forum 1-0-5 (possibly prior versions) user IP address / information disclosure, retrogod
Flatnuke 2.5.6 (possibly prior versions) Underlying system information disclosure / Administrative & users credentials disclosure, retrogod
CMS Made Simple <= 0.10 - PHP injection, groszynskif
Vulnerability in Symantec Anti Virus Corporate Edition v9.x, golovast
- RE: Vulnerability in Symantec Anti Virus Corporate Edition v9.x, James C Slora Jr
Ariba password exposure vulnerability, gerald626
- <Possible follow-ups>
- RE: Ariba password exposure vulnerability, Craig Kennedy
Re: Vulnerability in Symantec Anti Virus Corporate Edition v9.x], secure
[USN-173-4] PCRE vulnerabilities, Martin Pitt
Adobe Version Cue exploits., v9
UMN gopher[v3.0.9+] multiple(2) client buffer overflows., v9
[SecuriWeb.2005.1] - Barracuda SPAM firewall advisory, Francois Harvey

Mail converted by MHonArc