Bugtraq: by thread
402 messages
starting Nov 01 04 and
ending Nov 30 04
Date index |
Thread index |
Author index
- New Whitepaper - "Second-order Code Injection Attacks" Gunter Ollmann (Nov 01)
- Re: New Whitepaper - "Second-order Code Injection Attacks" Crispin Cowan (Nov 02)
- Re: New Whitepaper - "Second-order Code Injection Attacks" Jeff Williams (Nov 02)
- Re: New Whitepaper - "Second-order Code Injection Attacks" Nicolas Gregoire (Nov 03)
- <Possible follow-ups>
- RE: New Whitepaper - "Second-order Code Injection Attacks" Gunter Ollmann (NGS) (Nov 02)
- RE: New Whitepaper - "Second-order Code Injection Attacks" Gunter Ollmann (NGS) (Nov 05)
- Re: New Whitepaper - "Second-order Code Injection Attacks" Crispin Cowan (Nov 02)
- [SECURITY] [DSA 578-1] New mpg123 packages fix arbitrary code execution Martin Schulze (Nov 01)
- Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? Anton R Ivanov (Nov 01)
- <Possible follow-ups>
- Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? Henning Brauer (Nov 02)
- XDICT Buffer OverRun Vulnerability,funny :-) Sowhat . (Nov 01)
- [SECURITY] [DSA 579-1] New abiword packages fix arbitrary code execution Martin Schulze (Nov 01)
- Re: Critical Vulnerability in Altiris Deployment Server architecture Brian Gallagher (Nov 01)
- p h i s h i n g p h o r p h u n p h o r p h u q u e s a k e http-equiv () excite com (Nov 01)
- [ GLSA 200411-01 ] ppp: Remote denial of service vulnerability Luke Macken (Nov 01)
- Re: [ GLSA 200411-01 ] ppp: Remote denial of service vulnerability Paul Mackerras (Nov 02)
- [USN-13-1] groff utility vulnerability Martin Pitt (Nov 01)
- [USN-10-1] XML library vulnerabilities Martin Pitt (Nov 01)
- [USN-14-1] xpdf vulnerabilities Martin Pitt (Nov 01)
- [SECURITY] [DSA 580-1] New iptables packages fix modprobe failure Martin Schulze (Nov 01)
- [OpenPKG-SA-2004.045] OpenPKG Security Advisory (mysql) OpenPKG (Nov 01)
- TSLSA-2004-0055 - multi Trustix Security Advisor (Nov 01)
- [OpenPKG-SA-2004.050] OpenPKG Security Advisory (libxml) OpenPKG (Nov 01)
- [OpenPKG-SA-2004.049] OpenPKG Security Advisory (gd) OpenPKG (Nov 01)
- Internet Explorer HTML Help Control ActiveX Cross Domain/Zone Scripting Vulnerabilities roozbeh afrasiabi (Nov 01)
- Safari vulnerable to URL spoofing Gilbert Verdian (Nov 01)
- [ GLSA 200411-02 ] Cherokee: Format string vulnerability Sune Kloppenborg Jeppesen (Nov 01)
- [CLA-2004:881] Conectiva Security Announcement - rsync Conectiva Updates (Nov 02)
- [USN-15-1] lvm10 vulnerability Martin Pitt (Nov 02)
- [ GLSA 200411-03 ] Apache 1.3: Buffer overflow vulnerability in mod_include Matthias Geerdsen (Nov 02)
- Medium Risk Vulnerability in WinRAR NGSSoftware Insight Security Research (Nov 02)
- [SECURITY] [DSA 581-1] New xpdf packages fix arbitrary code execution Martin Schulze (Nov 02)
- [ GLSA 200411-04 ] Speedtouch USB driver: Privilege escalation vulnerability Luke Macken (Nov 02)
- Exploiting default exception handler to increase exploit stability on win32 tal zeltzer (Nov 02)
- Cisco Security Advisory: Vulnerability in Cisco Secure Access Control Server EAP-TLS Authentication Cisco Systems Product Security Incident Response Team (Nov 02)
- zlib 1.2.2 released Mark Adler (Nov 02)
- zlib 1.2.2 released Mark Adler (Nov 02)
- MDKSA-2004:117 - Updated gaim packages fix vulnerability Mandrake Linux Security Team (Nov 02)
- MDKSA-2004:118 - Updated perl-Archive-Zip packages fix vulnerability Mandrake Linux Security Team (Nov 02)
- MDKSA-2004:119 - Updated MySQL packages fix multiple vulnerabilities Mandrake Linux Security Team (Nov 02)
- MDKSA-2004:120 - Updated mpg123 packages fix vulnerability Mandrake Linux Security Team (Nov 02)
- MDKSA-2004:121 - Updated netatalk packages fix temporary file vulnerability Mandrake Linux Security Team (Nov 02)
- MDKSA-2004:122 - Updated mod_ssl packages fix information disclosure vulnerability Mandrake Linux Security Team (Nov 02)
- MDKSA-2004:123 - Updated perl-MIME-tools packages fix vulnerability Mandrake Linux Security Team (Nov 02)
- MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) (fwd) Michal Zalewski (Nov 02)
- Re: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) morning_wood (Nov 02)
- Rv: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Elia Florio (Nov 02)
- [SECURITY] [DSA 582-1] New libxml packages fix arbitrary code execution Martin Schulze (Nov 02)
- Re: debian dhcpd, old format string bug Javier Fernandez-Sanguino (Nov 02)
- <Possible follow-ups>
- Re: debian dhcpd, old format string bug Martin Schulze (Nov 05)
- Multiple Vulnerabilities in Web Forums Server R00tCr4ck (Nov 02)
- Microsoft ISA Server Authentication Bypassing Jérôme (Nov 02)
- URL spoofing bug (with iframes) in Microsoft Internet Explorer (11/02/2004) Benjamin Tobias Franz (Nov 02)
- [Hat-Squad] SQL injection and XSS Vulnerabilities in HELM Hat-Squad Security Team (Nov 02)
- [CLA-2004:882] Conectiva Security Announcement - squid Conectiva Updates (Nov 03)
- [USN-16-1] perl vulnerabilities Martin Pitt (Nov 03)
- [SECURITY] [DSA 583-1] New lvm10 packages fix insecure temporary directory Martin Schulze (Nov 03)
- [ GLSA 200411-06 ] MIME-tools: Virus detection evasion Thierry Carrez (Nov 03)
- [ GLSA 200411-05 ] libxml2: Remotely exploitable buffer overflow Thierry Carrez (Nov 03)
- [ GLSA 200411-07 ] Proxytunnel: Format string vulnerability Thierry Carrez (Nov 03)
- ERRATA: [ GLSA 200411-01 ] ppp: No denial of service vulnerability Luke Macken (Nov 03)
- [CLA-2004:885] Conectiva Security Announcement - apache Conectiva Updates (Nov 04)
- [CLA-2004:884] Conectiva Security Announcement - gaim Conectiva Updates (Nov 04)
- [HV-MED] Zip/Linux long path buffer overflow vuln (Nov 04)
- Re: [Full-Disclosure] [HV-MED] Zip/Linux long path buffer overflow Martin Pitt (Nov 05)
- Re: [Full-Disclosure] [HV-MED] Zip/Linux long path buffer overflow Josh Bressers (Nov 05)
- Re: [Full-Disclosure] [HV-MED] Zip/Linux long path buffer overflow Martin Pitt (Nov 05)
- [CLA-2004:883] Conectiva Security Announcement - subversion Conectiva Updates (Nov 04)
- [SECURITY] [DSA 584-1] New dhcp packages fix format string vulnerability Martin Schulze (Nov 04)
- SSC Advisory TSA-052 (Callwave.com) Secure Science Corporation Advisory Notice (Nov 04)
- <Possible follow-ups>
- SSC Advisory TSA-052 (Callwave.com) Secure Science Corporation Advisory Notice (Nov 04)
- [ GLSA 200411-09 ] shadow: Unauthorized modification of account information Matthias Geerdsen (Nov 04)
- Re: [ GLSA 200411-09 ] shadow: Unauthorized modification of account information Solar Designer (Nov 04)
- [ GLSA 200411-08 ] GD: Integer overflow Thierry Carrez (Nov 04)
- MDKSA-2004:124 - Updated xorg-x11 packages fix libXpm overflow vulnerabilities Mandrake Linux Security Team (Nov 04)
- MDKSA-2004:125 - Updated iptables packages fix vulnerability Mandrake Linux Security Team (Nov 05)
- MDKSA-2004:126 - Updated shadow-utils packages fix security bypass vulnerability Mandrake Linux Security Team (Nov 05)
- MDKSA-2004:127 - Updated libxml and libxml2 packages fix multiple vulnerabilities Mandrake Linux Security Team (Nov 05)
- Multiple vulnerabilities in Icewarp Web Mail 5.2.8 : New face of old problems. ShineShadow (Nov 05)
- [USN-18-1] zip vulnerability Martin Pitt (Nov 05)
- FW: Hacker Group back again, this time claiming to have source code to Cisco PIX firewall Graham, Brian (Nov 05)
- TSLSA-2004-0056 - apache Trustix Security Advisor (Nov 05)
- [FLSA-2004:2076] Updated foomatic package fixes security vulnerability Marc Deslauriers (Nov 05)
- [USN-17-1] passwd vulnerability Martin Pitt (Nov 05)
- SSC Advisory TSA-053 (Ureach.com) Secure Science Corporation Advisory Notice (Nov 05)
- In-game format string bug in the Lithtech engine Luigi Auriemma (Nov 05)
- Making distinctions between similar-looking vulnerabilities Steven M. Christey (Nov 05)
- [SECURITY] [DSA 585-1] New shadow packages fix unintended behaviour Martin Schulze (Nov 05)
- UPDATE: [ GLSA 200410-20 ] Xpdf, CUPS: Multiple integer overflows Thierry Carrez (Nov 06)
- UPDATE: [ GLSA 200410-30 ] GPdf, KPDF, KOffice: Vulnerabilities in included xpdf Thierry Carrez (Nov 06)
- [ GLSA 200411-10 ] Gallery: Cross-site scripting vulnerability Luke Macken (Nov 06)
- Resources consumption in 602 Lan Suite 2004.0.04.0909 Luigi Auriemma (Nov 06)
- [ GLSA 200411-11 ] ImageMagick: EXIF buffer overflow Sune Kloppenborg Jeppesen (Nov 06)
- [USN-19-1] squid vulnerabilities Martin Pitt (Nov 06)
- [SECURITY] [DSA 587-1] New freeam packages fix arbitrary code execution Martin Schulze (Nov 08)
- [ GLSA 200411-13 ] Portage, Gentoolkit: Temporary file vulnerabilities Sune Kloppenborg Jeppesen (Nov 08)
- MSIE src&name property disclosure Berend-Jan Wever (Nov 08)
- Re: [Full-Disclosure] MSIE src&name property disclosure Michal Zalewski (Nov 08)
- Re: [Full-Disclosure] MSIE src&name property disclosure Dave Aitel (Nov 08)
- Re: [Full-Disclosure] MSIE src&name property disclosure Paul Schmehl (Nov 08)
- Re: [Full-Disclosure] MSIE src&name property disclosure Michal Zalewski (Nov 08)
- Re: [Full-Disclosure] MSIE src&name property disclosure Michal Zalewski (Nov 08)
- [SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability in Samba 3.0.x <= 3.0.7 Gerald (Jerry) Carter (Nov 08)
- DOS against Java JNDI/DNS Kurt Huwig (Nov 08)
- Microsoft Internet Explorer permits to examine the existence of local files Benjamin Tobias Franz (Nov 08)
- [SECURITY] [DSA 588-1] New gzip packages fix insecure temporary files Martin Schulze (Nov 08)
- Offline WPA-PSK auditing tool (coWPAtty) Joshua Wright (Nov 08)
- [ GLSA 200411-15 ] OpenSSL, Groff: Insecure tempfile handling Thierry Carrez (Nov 08)
- up-imapproxy DoS vulnerabilities Timo Sirainen (Nov 08)
- [ GLSA 200411-12 ] zgv: Multiple buffer overflows Luke Macken (Nov 08)
- [ GLSA 200411-14 ] Kaffeine, gxine: Remotely exploitable buffer overflow Luke Macken (Nov 08)
- [HV-LOW] Symantec LiveUpdate issues may cause DoS vuln (Nov 08)
- <Possible follow-ups>
- Re: [HV-LOW] Symantec LiveUpdate issues may cause DoS secure (Nov 09)
- [SECURITY] [DSA 586-1] New ruby packages fix denial of service Martin Schulze (Nov 08)
- Re: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Menashe Eliezer (Nov 08)
- [CLA-2004:888] Conectiva Security Announcement - libtiff3 Conectiva Updates (Nov 08)
- [CLA-2004:886] Conectiva Security Announcement - xpdf Conectiva Updates (Nov 09)
- MDKSA-2004:128 - Updated ruby packages fix remote DoS vulnerability Mandrake Linux Security Team (Nov 09)
- Evidence Mounts that the Vote Was Hacked Atom 'Smasher' (Nov 09)
- Re: Evidence Mounts that the Vote Was Hacked Jay D. Dyson (Nov 09)
- Re: Evidence Mounts that the Vote Was Hacked Jei (Nov 10)
- Re: Evidence Mounts that the Vote Was Hacked bkfsec (Nov 10)
- Re: Evidence Mounts that the Vote Was Hacked Jake Appelbaum (Nov 11)
- Re: Evidence Mounts that the Vote Was Hacked Atom 'Smasher' (Nov 10)
- Re: Evidence Mounts that the Vote Was Hacked Rick Crelia (Nov 10)
- Re: Evidence Mounts that the Vote Was Hacked Peter Conrad (Nov 10)
- Re: Evidence Mounts that the Vote Was Hacked Jay D. Dyson (Nov 10)
- <Possible follow-ups>
- RE: Evidence Mounts that the Vote Was Hacked David Hayden (Nov 11)
- Re: Evidence Mounts that the Vote Was Hacked Jay D. Dyson (Nov 09)
- BoF in Windows 2000: ddeshare.exe Jack C (Nov 09)
- Re: BoF in Windows 2000: ddeshare.exe Berend-Jan Wever (Nov 09)
- Re: BoF in Windows 2000: ddeshare.exe Valdis . Kletnieks (Nov 09)
- Re: BoF in Windows 2000: ddeshare.exe J. S. Connell (Nov 10)
- Vulnerabilities in JAF CMS y3dips (Nov 09)
- [SECURITY] [DSA 590-1] New gnats packages fix arbitrary code execution Martin Schulze (Nov 09)
- Re: New URL spoofing bug in Microsoft Internet Explorer roozbeh afrasiabi (Nov 09)
- Re: New URL spoofing bug in Microsoft Internet Explorer q q (Nov 16)
- Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ (Nov 17)
- <Possible follow-ups>
- Re: New URL spoofing bug in Microsoft Internet Explorer http-equiv () excite com (Nov 11)
- RE: New URL spoofing bug in Microsoft Internet Explorer Michael Silk (Nov 17)
- Re: New URL spoofing bug in Microsoft Internet Explorer q q (Nov 16)
- [USN-20-1] Ruby CGI module vulnerability Martin Pitt (Nov 09)
- Security Contact for T-Mobile? Jake Appelbaum (Nov 09)
- [SECURITY] [DSA 589-1] New libgd1 packages fix arbitrary code execution Martin Schulze (Nov 09)
- Re: Update: Web browsers - a mini-farce (MSIE gives in) Heikki Kortti (Nov 09)
- [SECURITY] [DSA 591-1] New libgd2 packages fix arbitrary code execution Martin Schulze (Nov 09)
- EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service Marc Maiffret (Nov 09)
- [ GLSA 200411-17 ] mtink: Insecure tempfile handling Sune Kloppenborg Jeppesen (Nov 09)
- [ GLSA 200411-16 ] zip: Path name buffer overflow Sune Kloppenborg Jeppesen (Nov 09)
- Linux ELF loader vulnerabilities Paul Starzetz (Nov 10)
- Re: Linux ELF loader vulnerabilities Ted Percival (Nov 11)
- Re: [Full-Disclosure] Re: Linux ELF loader vulnerabilities Jirka Kosina (Nov 11)
- Re: Linux ELF loader vulnerabilities Pavel Kankovsky (Nov 11)
- Re: Linux ELF loader vulnerabilities Jirka Kosina (Nov 12)
- Re: Linux ELF loader vulnerabilities Ted Percival (Nov 11)
- Multiple Vulnerabilities in WebCalendar Joxean Koret (Nov 10)
- [SquirrelMail Security Advisory] Cross Site Scripting in encoded text Jonathan Angliss (Nov 10)
- Nortel Networks Contivity VPN Client information leakage vulnerability Network Intelligence (I) Pvt. Ltd. (Nov 10)
- <Possible follow-ups>
- Re: Nortel Networks Contivity VPN Client information leakage vulnerability Quincy Jackson (Nov 10)
- BNC 2.8.9 remote buffer overflow LSS Security (Nov 10)
- Cisco Security Advisory: Cisco IOS DHCP Blocked Interface Denial-of-Service Cisco Systems Product Security Incident Response Team (Nov 10)
- Security Contact Info for IPSWITCH Tom (Nov 10)
- Unsecure Ftpd on HP PSC 2510 Printer Justin Rush (Nov 10)
- Re: Unsecure Ftpd on HP PSC 2510 Printer Lawrence MacIntyre (Nov 12)
- Re: Unsecure Ftpd on HP PSC 2510 Printer KF_lists (Nov 12)
- Re: Unsecure Ftpd on HP PSC 2510 Printer Lawrence MacIntyre (Nov 12)
- Re: Unsecure Ftpd on HP PSC 2510 Printer KF_lists (Nov 12)
- Re: Unsecure Ftpd on HP PSC 2510 Printer Lawrence MacIntyre (Nov 12)
- Re: Unsecure Ftpd on HP PSC 2510 Printer KF_lists (Nov 12)
- Re: Unsecure Ftpd on HP PSC 2510 Printer Lawrence MacIntyre (Nov 12)
- 04WebServer Three Vulnerabilities Jérôme (Nov 10)
- <Possible follow-ups>
- Re: 04WebServer Three Vulnerabilities chewkeong (Nov 15)
- Hotfoon Ver 4.0 Highv Risk saudi linux (Nov 10)
- SQL injection in vBulletin forums (last10.php) Dr. Death (Nov 11)
- Cisco Security Advisory: Crafted Timed Attack Evades Cisco Security Agent Protections Cisco Systems Product Security Incident Response Team (Nov 11)
- [CLA-2004:889] Conectiva Security Announcement - sasl2 Conectiva Updates (Nov 11)
- [ GLSA 200411-20 ] ez-ipupdate: Format string vulnerability Sune Kloppenborg Jeppesen (Nov 11)
- Zone Labs IMsecure Active Link Filter Bypass Kurczaba Associates advisories (Nov 11)
- [ GLSA 200411-19 ] Pavuk: Multiple buffer overflows Luke Macken (Nov 11)
- [waraxe-2004-SA#037 - Sql injection bug in Phorum 5.0.12 and older versions] Janek Vind (Nov 11)
- [ GLSA 200411-18 ] Apache 2.0: Denial of Service by memory consumption Matthias Geerdsen (Nov 11)
- [ GLSA 200411-22 ] Davfs2, lvm-user: Insecure tempfile handling Sune Kloppenborg Jeppesen (Nov 11)
- [USN-21-1] libgd vulnerabilities Martin Pitt (Nov 11)
- security hole (http response splitting) in phpwebsite Maestro De-Seguridad (Nov 11)
- [USN-22-1] samba vulnerability Martin Pitt (Nov 11)
- RE: Norton AntiVirus Script Blocking Exploit -- Symantec's response Daniel Milisic (Nov 11)
- Contact in HP related to OpenView / Coda Noam Rathaus (Nov 11)
- Unofficial Internet Explorer FRAME/IFRAME fix Thomas Rogg (Nov 12)
- [ GLSA 200411-21 ] Samba: Remote Denial of Service Matthias Geerdsen (Nov 12)
- [USN-23-1] apache2 vulnerability Martin Pitt (Nov 12)
- [USN-24-1] openssl script vulnerability Martin Pitt (Nov 12)
- Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems Gregory Duchemin (Nov 12)
- Re: Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems 3APA3A (Nov 13)
- Re: Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems Gregory Duchemin (Nov 13)
- Re: Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems 3APA3A (Nov 13)
- [SECURITY] [DSA 592-1] New ez-ipupdate packages fix format string vulnerability Martin Schulze (Nov 12)
- Vulnerability not with vBulletin Kier Darby (Nov 12)
- Sudo version 1.6.8p2 now available (fwd) je (Nov 12)
- Crash in Secure Network Messenger 1.4.2 Luigi Auriemma (Nov 12)
- Re: Crash in Secure Network Messenger 1.4.2 r`Futile (Nov 15)
- SQL Injection in phpBT (bug.php) jessica soules (Nov 12)
- phpBB Code EXEC (v2.0.10) jessica soules (Nov 12)
- Eudora 6.2 attachment spoof Paul Szabo (Nov 13)
- TWiki search function allows arbitrary shell command execution Hans Ulrich Niedermann (Nov 13)
- Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution Florian Weimer (Nov 16)
- IPSwitch-IMail-8.13 Stack Overflow in the DELETE Command Jérôme (Nov 13)
- SQL Injection in phpBT (bug.php - Add) Jérôme (Nov 13)
- SQL Injection in phpBT (bug.php) add project jessica soules (Nov 13)
- Multiple XSS holes in TheFaceBook Alex Lanstein (Nov 13)
- Format string bug in Army Men RTS Luigi Auriemma (Nov 15)
- [SNS Advisory No.79] A Possibility of Cookie Overwrite in Microsoft Internet Explorer Jérôme (Nov 15)
- Multiple vulnerabilities in Hired Team: Trial (Shine engine) Luigi Auriemma (Nov 15)
- Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow Stefan Esser (Nov 15)
- XSS in TheFaceBook round 2 Alex Lanstein (Nov 15)
- iDEFENSE Security Advisory 11.15.04: Multiple Security Vulnerabilities in Fcron customer service mailbox (Nov 15)
- SUSE Security Announcement: samba (SUSE-SA:2004:040) Marcus Meissner (Nov 15)
- [SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd Gerald (Jerry) Carter (Nov 15)
- [USN-25-1] libgd2 vulnerability Martin Pitt (Nov 15)
- Google Desktop Search ignores Preferences Elliott Bäck (Nov 15)
- Skype callto:// BoF technical details Berend-Jan Wever (Nov 16)
- Re: Skype callto:// BoF technical details Fabian Becker (Nov 16)
- Re: Skype callto:// BoF technical details Berend-Jan Wever (Nov 16)
- Re: Skype callto:// BoF technical details Fabian Becker (Nov 16)
- [SECURITY] [DSA 593-1] New imagemagick packages fix arbitrary code execution Martin Schulze (Nov 16)
- [ GLSA 200411-24 ] BNC: Buffer overflow vulnerability Sune Kloppenborg Jeppesen (Nov 16)
- Flaws in SP2 security features, part II Juergen Schmidt (Nov 16)
- TSLSA-2004-0058 - multi Trustix Security Advisor (Nov 16)
- [waraxe-2004-SA#038 - Multiple vulnerabilities in Event Calendar module for PhpNuke] Janek Vind (Nov 16)
- Airport x-ray software creating images of phantom weapons? Jason Coombs (Nov 16)
- [ GLSA 200411-23 ] Ruby: Denial of Service issue Thierry Carrez (Nov 16)
- [SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution Martin Schulze (Nov 17)
- [ GLSA 200411-25 ] SquirrelMail: Encoded text XSS vulnerability Sune Kloppenborg Jeppesen (Nov 17)
- SUSE Security Announcement: xshared, XFree86-libs, xorg-x11-libs (SUSE-SA:2004:041) Thomas Biege (Nov 17)
- MDKSA-2004:135 - Updated apache2 packages fix request DoS Mandrake Linux Security Team (Nov 17)
- Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities Stefan Esser (Nov 17)
- [USN-26-1] bogofilter vulnerability Martin Pitt (Nov 17)
- [USN-27-1] libxpm4 vulnerability Martin Pitt (Nov 17)
- MDKSA-2004:132 - Updated gd packages fix integer overflows Mandrake Linux Security Team (Nov 17)
- [USN-28-1] sudo vulnerability Martin Pitt (Nov 17)
- MDKSA-2004:134 - Updated apache packages fix buffer overflow in mod_include Mandrake Linux Security Team (Nov 17)
- RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch. rexolab (Nov 17)
- Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch. Hans-Bernhard Broeker (Nov 18)
- [ GLSA 200411-26 ] GIMPS, SETI@home, ChessBrain: Insecure installation Sune Kloppenborg Jeppesen (Nov 17)
- MDKSA-2004:133 - Updated sudo packages fix vulnerability Mandrake Linux Security Team (Nov 17)
- Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.) Jerome ATHIAS (Nov 17)
- Re: Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.) Rafael San Miguel Carrasco (Nov 18)
- <Possible follow-ups>
- Re: Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.) Robert Hetzler (Nov 18)
- FreeBSD Security Advisory FreeBSD-SA-04:16.fetch FreeBSD Security Advisories (Nov 18)
- <Possible follow-ups>
- FreeBSD Security Advisory FreeBSD-SA-04:16.fetch security-advisories (Nov 19)
- [CLA-2004:890] Conectiva Security Announcement - libxml2 Conectiva Updates (Nov 18)
- EXEC exploit in phpBB - fix Paul S. Owen (Nov 18)
- RE: EXEC exploit in phpBB - fix Ron Brinker (Nov 18)
- [CLA-2004:892] Conectiva Security Announcement - MySQL Conectiva Updates (Nov 18)
- [MaxPatrol] SQL-injection in Invision Power Board 2.x Alexander Anisimov (Nov 18)
- AppServ 2.5.x and Prior Exploit saudi linux (Nov 18)
- Buffer overlow in DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 and prior versions. Reed Arvin (Nov 18)
- [USN-29-1] samba vulnerability Martin Pitt (Nov 18)
- [ GLSA 200411-27 ] Fcron: Multiple vulnerabilities Luke Macken (Nov 18)
- [USN-30-1] Linux kernel vulnerabilities Martin Pitt (Nov 18)
- A Brief Analysis of Bofra/MyDoom.AG/AH Bryan Burns (Nov 18)
- Apache 2.0.52 DoS Exploit v2 Daniel Guido (Nov 19)
- Inofficial updates to 758884/NISCC/DNS Roy Arends (Nov 19)
- Privilege escalation in Mailtraq Version 2.6.1.1677. Reed Arvin (Nov 19)
- SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit Jérôme ATHIAS (Nov 19)
- Re: SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit security curmudgeon (Nov 20)
- <Possible follow-ups>
- Re: SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit Jerome ATHIAS (Nov 20)
- Corsaire Security Advisory - Danware NetOp Host multiple information disclosure issues advisories (Nov 19)
- Zone Labs Ad-Blocking Instability Nicolas Robillard (Nov 19)
- Zone Labs Security Advisory: Ad-Blocking Instability Zone Labs Product Security (Nov 19)
- Java Vulnerabilities in Opera 7.54 Marc Schoenefeld (Nov 19)
- EXEC exploit in phpBB - new release Paul S. Owen (Nov 19)
- Privilege escalation flaw in AClient Service for Windows (Version 5.6.181). Reed Arvin (Nov 19)
- MDKSA-2004:136 - Updated samba packages fix remote vulnerability Mandrake Linux Security Team (Nov 19)
- SecurityForest - Public Release #1 loni (Nov 19)
- Corsaire Security Advisory - Netopia Timbuktu remote buffer overflow issue advisories (Nov 19)
- Addendum, recent Linux <= 2.4.27 vulnerabilities Paul Starzetz (Nov 19)
- [ GLSA 200411-28 ] X.Org, XFree86: libXpm vulnerabilities Thierry Carrez (Nov 19)
- Microsoft Internet Explorer 6 SP2 Vulnerabilities / Full disclosure Vs. Security by Obscurity... K-OTiK Security (Nov 19)
- [ GLSA 200411-29 ] unarj: Long filenames buffer overflow and a path traversal vulnerability Thierry Carrez (Nov 19)
- TWiki exploit (search.pm / CAN-2004-1037) Roman Medina-Heigl Hernandez (Nov 19)
- IpbProArace 2.5.x SQL injection. axl daivy (Nov 20)
- [ECL] WCI TC-IDE embedded linux vulnerabilities ECL team (Nov 20)
- CoffeeCup FTP Clients Buffer Overflow Vulnerability Komrade (Nov 22)
- TSLSA-2004-0061 - multi Trustix Security Advisor (Nov 22)
- WeOnlyDo! COM Ftp DELUXE ActiveX Control Buffer Overflow Vulnerability Komrade (Nov 22)
- Changes to the filesystem while find is running - comments? James Youngman (Nov 22)
- Re: Changes to the filesystem while find is running - comments? Martin Buchholz (Nov 22)
- Re: Changes to the filesystem while find is running - comments? Dmitry V. Levin (Nov 22)
- Re: Changes to the filesystem while find is running - comments? James Youngman (Nov 23)
- Re: Changes to the filesystem while find is running - comments? Martin Buchholz (Nov 23)
- Re: Changes to the filesystem while find is running - comments? James Youngman (Nov 23)
- Re: Changes to the filesystem while find is running - comments? Martin Buchholz (Nov 23)
- Re: Changes to the filesystem while find is running - comments? devnull (Nov 24)
- Re: Changes to the filesystem while find is running - comments? Casper . Dik (Nov 24)
- Re: Changes to the filesystem while find is running - comments? Martin Buchholz (Nov 24)
- Re: Changes to the filesystem while find is running - comments? Casper . Dik (Nov 24)
- Re: Changes to the filesystem while find is running - comments? James Youngman (Nov 25)
- <Possible follow-ups>
- Re: Changes to the filesystem while find is running - comments? Paul Szabo (Nov 23)
- Re: Changes to the filesystem while find is running - comments? James Youngman (Nov 23)
- Re: Changes to the filesystem while find is running - comments? Paul Szabo (Nov 23)
- Re: Changes to the filesystem while find is running - comments? Martin Buchholz (Nov 23)
- Re: Changes to the filesystem while find is running - comments? Paul Szabo (Nov 23)
- Re: Changes to the filesystem while find is running - comments? James Youngman (Nov 23)
- Re: Changes to the filesystem while find is running - comments? Martin Buchholz (Nov 22)
- Broadcast client crash in Halo 1.05 Luigi Auriemma (Nov 22)
- GFHost PHP GMail remote command execution exploit that achieves webserver id privileges Jerome ATHIAS (Nov 22)
- Router ZyXEL Prestige 650 HW http remote admin. José (Nov 22)
- Re: Router ZyXEL Prestige 650 HW http remote admin. Hugo van der Kooij (Nov 23)
- Re: Router ZyXEL Prestige 650 HW http remote admin. Laurent Papier (Nov 25)
- Re: Router ZyXEL Prestige 650 HW http remote admin. Steve Clement (Nov 24)
- Re: Router ZyXEL Prestige 650 HW http remote admin. Hugo van der Kooij (Nov 23)
- PHPKIT SQL Injection, XSS Steve (Nov 22)
- iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrary Package Access Vulnerability customer service mailbox (Nov 22)
- [SIG^2 G-TEC] Prevx Home v1.0 Instrusion Prevention Features Can Be Disabled by Direct Service Table Restoration chewkeong (Nov 22)
- Hardware support for XP SP2 DEP not enabled by default ? Nicolas RUFF (Nov 23)
- Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities Stefan Esser (Nov 23)
- Winamp - Buffer Overflow In IN_CDDA.dll Brett Moore (Nov 23)
- MDKSA-2004:137 - Updated libxpm4 packages fix libXpm vulnerabilities Mandrake Linux Security Team (Nov 23)
- <Possible follow-ups>
- MDKSA-2004:137 - Updated libxpm4 packages fix libXpm vulnerabilities Mandrake Linux Security Team (Nov 23)
- [ GLSA 200411-30 ] pdftohtml: Vulnerabilities in included Xpdf Thierry Carrez (Nov 23)
- Fotolog.net cross-site scripting vulnerabilities [RLSA_05-2004] Jerome ATHIAS (Nov 23)
- [ GLSA 200411-31 ] ProZilla: Multiple vulnerabilities Thierry Carrez (Nov 23)
- echalk vuln kevin anonymous (Nov 23)
- IPFront - Release Hernan Racciatti (Nov 23)
- RE: iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrar y Package Access Vulnerability Sherlock, Nathan (Nov 23)
- <Possible follow-ups>
- RE: iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrar y Package Access Vulnerability Randal, Phil (Nov 23)
- Broadcast memory corruption in Soldier of Fortune II 1.03 Luigi Auriemma (Nov 23)
- Sun Java Plugin arbitrary package access vulnerability Jouko Pynnonen (Nov 23)
- Re: Sun Java Plugin arbitrary package access vulnerability Ken S (Nov 23)
- Re: Sun Java Plugin arbitrary package access vulnerability Alla Bezroutchko (Nov 25)
- Re: [Full-Disclosure] Re: Sun Java Plugin arbitrary package access vulnerability Exchange (Nov 25)
- Rumours about Opera Marc Schoenefeld (Nov 25)
- <Possible follow-ups>
- Re: Sun Java Plugin arbitrary package access vulnerability Ken S (Nov 25)
- Re: Sun Java Plugin arbitrary package access vulnerability Peter Greenwood (Nov 25)
- [CLA-2004:894] Conectiva Security Announcement - shadow-utils Conectiva Updates (Nov 23)
- Windows Mobile Pocket PC Security kers0r (Nov 23)
- Incorrect reporting of the Bofra/The Register exploit matt (Nov 23)
- Re: Incorrect reporting of the Bofra/The Register exploit Florian Laws (Nov 24)
- MDKSA-2004:138 - Updated XFree86 packages fix libXpm vulnerabilities Mandrake Linux Security Team (Nov 23)
- <Possible follow-ups>
- MDKSA-2004:138 - Updated XFree86 packages fix libXpm vulnerabilities Mandrake Linux Security Team (Nov 24)
- SecureCRT - Remote Command Execution Brett Moore (Nov 24)
- [CLA-2004:896] Conectiva Security Announcement - bugzilla Conectiva Updates (Nov 24)
- STG Security Advisory: [SSA-20041122-10] KorWeblog directory traversal vulnerability advisory (Nov 24)
- [SECURITY] [DSA 596-1] New sudo packages fix privilege escalation Martin Schulze (Nov 24)
- [SECURITY] [DSA 596-2] New sudo packages removes debug output Martin Schulze (Nov 24)
- Limited buffer-overflow and arbitrary memory access in Star Wars Battlefront 1.11 Luigi Auriemma (Nov 24)
- [SECURITY] [DSA 595-1] New bnc packages arbitrary code execution Martin Schulze (Nov 24)
- STG Security Advisory: [SSA-20041122-09] cscope insecure temp file creation vulnerability advisory (Nov 24)
- [USN-31-1] cyrus21-imapd vulnerabilities Martin Pitt (Nov 24)
- STG Security Advisory: [SSA-20041122-11] JSPWiki XSS vulnerability advisory (Nov 24)
- Prozilla Remote Exploit Serkan Akpolat (Nov 24)
- [ GLSA 200411-33 ] TWiki: Arbitrary command execution Sune Kloppenborg Jeppesen (Nov 24)
- [SIG^2 G-TEC] CMailServer WebMail v5.2 Multiple Vulnerabilities chewkeong (Nov 25)
- Re: [SIG^2 G-TEC] Prevx Home v1.0 Instrusion Prevention Features Can Be Disabled by Direct Service Table Restoration Ralph Harvey (Nov 25)
- STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability advisory (Nov 25)
- Re: STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability Chris Withers (Nov 27)
- XSS in Brazilian Insite products Carlos Ulver (Nov 25)
- MSIE flaws: nested array sort() loop Stack overflow exception Berend-Jan Wever (Nov 25)
- <Possible follow-ups>
- Re: MSIE flaws: nested array sort() loop Stack overflow exception isno (Nov 27)
- [SECURITY] [DSA 598-1] New yardradius packages fix arbitrary code execution Martin Schulze (Nov 25)
- FIREFOX flaws: nested array sort() loop Stack overflow exception Berend-Jan Wever (Nov 25)
- Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception Heikki Toivonen (Nov 25)
- Atari800 - local root. Adam Zabrocki (Nov 25)
- [ GLSA 200411-34 ] Cyrus IMAP Server: Multiple remote vulnerabilities Thierry Carrez (Nov 25)
- [USN-32-1] mysql vulnerabilities Martin Pitt (Nov 25)
- EZshopper is still vulnerable against Directory Traversal. Zero_X www . lobnan . de Team (Nov 25)
- Re: Liferay Cross Site Scripting Flaw michael young (Nov 25)
- Remote buffer overflow in MailEnable IMAP service [Hat-Squad Advisory] Jerome ATHIAS (Nov 25)
- [SECURITY] [DSA 599-1] New tetex-bin packages fix arbitrary code execution Martin Schulze (Nov 26)
- [ GLSA 200411-32 ] phpBB: Remote command execution Sune Kloppenborg Jeppesen (Nov 26)
- Jabberd2.x remote BuffJabberd2.x remote Buffer Overflowser Overflows icbm (Nov 26)
- Buffer Overflow in Open Dc Hub 0.7.14 Donato Ferrante (Nov 26)
- [CLA-2004:899] Conectiva Security Announcement - samba Conectiva Updates (Nov 26)
- [SECURITY] [DSA 597-1] New cyrus-imapd packages fix arbitrary code execution Martin Schulze (Nov 26)
- Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched] Brett Moore (Nov 26)
- <Possible follow-ups>
- RE: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched] alex cottle (Nov 27)
- Re: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched] K-OTiK Security (Nov 27)
- MDKSA-2004:139 - Updated cyrus-imapd packages fix multiple vulnerabilities Mandrake Linux Security Team (Nov 27)
- MDKSA-2004:140 - Updated a2ps packages fix vulnerability Mandrake Linux Security Team (Nov 27)
- MDKSA-2004:141 - Updated zip packages fix vulnerability Mandrake Linux Security Team (Nov 27)
- Re: Atari800 - local root. (fwd) Petr Stehlik (Nov 27)
- phpCMS <= 1.2.1 Xss Vulnerability, Information disclosure Cyrille Barthelemy (Nov 27)
- php 4.3.7 memory limit POC exploit Gyan chawdhary (Nov 27)
- FluxBox crash vulnerability Quith (Nov 27)
- PnTresMailer code browser 6.03 Vulnerabilities John Cobb (Nov 27)
- Phpbb id: 10701 update and Attachmodule add-on Directory Traversal zee (Nov 27)
- Java version downgrading proof-of-concept auto333584 (Nov 27)
- Immunity, Inc Advisor Nicolas Waisman (Nov 27)
- [ GLSA 200411-35 ] phpWebSite: HTTP response splitting vulnerability Matthias Geerdsen (Nov 27)
- [CLA-2004:900] Conectiva Security Announcement - sun-jre Conectiva Updates (Nov 27)
- [ GLSA 200411-36 ] phpMyAdmin: Multiple XSS vulnerabilities Luke Macken (Nov 27)
- Setiri + Invisible browsers != browsers Haroon Meer (Nov 27)
- Microsoft Help ActiveX Control Related Topics Local Content Accessing Vulnerability Paul (Nov 28)
- [OpenPKG-SA-2004.051] OpenPKG Security Advisory (imapd) OpenPKG (Nov 29)
- Macromedia provided wrong "Solution" in mpsb02-08 Liu Die Yu (Nov 29)
- ncpfs buffer overflow Karol Więsek (Nov 29)
- [SECURITY] [DSA 601-1] New libgd1 packages fix arbitrary code execution Martin Schulze (Nov 29)
- Buffer-overflow in Orbz 2.10 Luigi Auriemma (Nov 29)
- Multiple buffer overlows in WS_FTP Server Version 5.03, 2004.10.14. Reed Arvin (Nov 29)
- [ GLSA 200411-38 ] Sun and Blackdown Java: Applet privilege escalation Sune Kloppenborg Jeppesen (Nov 29)
- Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038 Liu Die Yu (Nov 29)
- [SECURITY] [DSA 602-1] New libgd2 packages fix arbitrary code execution Martin Schulze (Nov 29)
- Privilege escalation flaw in MDaemon 7.2. Reed Arvin (Nov 29)
- Re: Privilege escalation flaw in MDaemon 7.2. kf_lists (Nov 30)
- Password Disclosure for SMB Shares in KDE's Konqueror Daniel Fabian (Nov 29)
- TSL-2004-0063 - multi Trustix Security Advisor (Nov 29)
- Players overflow in Serious engine UDP (was Alpha Black Zero, 29 Sep 2004) Luigi Auriemma (Nov 30)
- Linux Netwosix NEPOTE Updated! Vincenzo Ciaglia (Nov 30)
- [SHK-001]Payflow Link Default Config may lead to Hidden Field Modification M. Shirk (Nov 30)
- MDKSA-2004:137-1 - Updated libxpm4 packages correct issues with previous update Mandrake Linux Security Team (Nov 30)
- CuteFTP 6.0 Professional Remote Buffer Overflow Vulnerability Hongzhen Zhou (Nov 30)
- Endless loops in the http-server and pna-proxy modules of Jana server 2.4.4 Luigi Auriemma (Nov 30)