Bugtraq: by author
402 messages starting Nov 13 04 and ending Nov 19 04
3APA3A
Re: Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems 3APA3A (Nov 13)
Adam Zabrocki
Atari800 - local root. Adam Zabrocki (Nov 25)
advisories
Corsaire Security Advisory - Netopia Timbuktu remote buffer overflow issue advisories (Nov 19)
Corsaire Security Advisory - Danware NetOp Host multiple information disclosure issues advisories (Nov 19)
advisory
STG Security Advisory: [SSA-20041122-10] KorWeblog directory traversal vulnerability advisory (Nov 24)
STG Security Advisory: [SSA-20041122-11] JSPWiki XSS vulnerability advisory (Nov 24)
STG Security Advisory: [SSA-20041122-09] cscope insecure temp file creation vulnerability advisory (Nov 24)
STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability advisory (Nov 25)
Alexander Anisimov
[MaxPatrol] SQL-injection in Invision Power Board 2.x Alexander Anisimov (Nov 18)
alex cottle
RE: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched] alex cottle (Nov 27)
Alex Lanstein
Multiple XSS holes in TheFaceBook Alex Lanstein (Nov 13)
XSS in TheFaceBook round 2 Alex Lanstein (Nov 15)
Alla Bezroutchko
Re: Sun Java Plugin arbitrary package access vulnerability Alla Bezroutchko (Nov 25)
Anton R Ivanov
Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? Anton R Ivanov (Nov 01)
Atom 'Smasher'
Re: Evidence Mounts that the Vote Was Hacked Atom 'Smasher' (Nov 10)
Evidence Mounts that the Vote Was Hacked Atom 'Smasher' (Nov 09)
auto333584
Java version downgrading proof-of-concept auto333584 (Nov 27)
axl daivy
IpbProArace 2.5.x SQL injection. axl daivy (Nov 20)
Benjamin Tobias Franz
URL spoofing bug (with iframes) in Microsoft Internet Explorer (11/02/2004) Benjamin Tobias Franz (Nov 02)
Microsoft Internet Explorer permits to examine the existence of local files Benjamin Tobias Franz (Nov 08)
Berend-Jan Wever
MSIE src&name property disclosure Berend-Jan Wever (Nov 08)
Skype callto:// BoF technical details Berend-Jan Wever (Nov 16)
Re: Skype callto:// BoF technical details Berend-Jan Wever (Nov 16)
FIREFOX flaws: nested array sort() loop Stack overflow exception Berend-Jan Wever (Nov 25)
MSIE flaws: nested array sort() loop Stack overflow exception Berend-Jan Wever (Nov 25)
Re: BoF in Windows 2000: ddeshare.exe Berend-Jan Wever (Nov 09)
bkfsec
Re: Evidence Mounts that the Vote Was Hacked bkfsec (Nov 10)
Brett Moore
Winamp - Buffer Overflow In IN_CDDA.dll Brett Moore (Nov 23)
SecureCRT - Remote Command Execution Brett Moore (Nov 24)
Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched] Brett Moore (Nov 26)
Brian Gallagher
Re: Critical Vulnerability in Altiris Deployment Server architecture Brian Gallagher (Nov 01)
Bryan Burns
A Brief Analysis of Bofra/MyDoom.AG/AH Bryan Burns (Nov 18)
Carlos Ulver
XSS in Brazilian Insite products Carlos Ulver (Nov 25)
Casper . Dik
Re: Changes to the filesystem while find is running - comments? Casper . Dik (Nov 24)
Re: Changes to the filesystem while find is running - comments? Casper . Dik (Nov 24)
chewkeong
Re: 04WebServer Three Vulnerabilities chewkeong (Nov 15)
[SIG^2 G-TEC] CMailServer WebMail v5.2 Multiple Vulnerabilities chewkeong (Nov 25)
[SIG^2 G-TEC] Prevx Home v1.0 Instrusion Prevention Features Can Be Disabled by Direct Service Table Restoration chewkeong (Nov 22)
Chris Withers
Re: STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability Chris Withers (Nov 27)
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Vulnerability in Cisco Secure Access Control Server EAP-TLS Authentication Cisco Systems Product Security Incident Response Team (Nov 02)
Cisco Security Advisory: Cisco IOS DHCP Blocked Interface Denial-of-Service Cisco Systems Product Security Incident Response Team (Nov 10)
Cisco Security Advisory: Crafted Timed Attack Evades Cisco Security Agent Protections Cisco Systems Product Security Incident Response Team (Nov 11)
Conectiva Updates
[CLA-2004:882] Conectiva Security Announcement - squid Conectiva Updates (Nov 03)
[CLA-2004:886] Conectiva Security Announcement - xpdf Conectiva Updates (Nov 09)
[CLA-2004:896] Conectiva Security Announcement - bugzilla Conectiva Updates (Nov 24)
[CLA-2004:899] Conectiva Security Announcement - samba Conectiva Updates (Nov 26)
[CLA-2004:900] Conectiva Security Announcement - sun-jre Conectiva Updates (Nov 27)
[CLA-2004:884] Conectiva Security Announcement - gaim Conectiva Updates (Nov 04)
[CLA-2004:888] Conectiva Security Announcement - libtiff3 Conectiva Updates (Nov 08)
[CLA-2004:885] Conectiva Security Announcement - apache Conectiva Updates (Nov 04)
[CLA-2004:892] Conectiva Security Announcement - MySQL Conectiva Updates (Nov 18)
[CLA-2004:894] Conectiva Security Announcement - shadow-utils Conectiva Updates (Nov 23)
[CLA-2004:889] Conectiva Security Announcement - sasl2 Conectiva Updates (Nov 11)
[CLA-2004:890] Conectiva Security Announcement - libxml2 Conectiva Updates (Nov 18)
[CLA-2004:881] Conectiva Security Announcement - rsync Conectiva Updates (Nov 02)
[CLA-2004:883] Conectiva Security Announcement - subversion Conectiva Updates (Nov 04)
Crispin Cowan
Re: New Whitepaper - "Second-order Code Injection Attacks" Crispin Cowan (Nov 02)
customer service mailbox
iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrary Package Access Vulnerability customer service mailbox (Nov 22)
iDEFENSE Security Advisory 11.15.04: Multiple Security Vulnerabilities in Fcron customer service mailbox (Nov 15)
Cyrille Barthelemy
phpCMS <= 1.2.1 Xss Vulnerability, Information disclosure Cyrille Barthelemy (Nov 27)
Daniel Fabian
Password Disclosure for SMB Shares in KDE's Konqueror Daniel Fabian (Nov 29)
Daniel Guido
Apache 2.0.52 DoS Exploit v2 Daniel Guido (Nov 19)
Daniel Milisic
RE: Norton AntiVirus Script Blocking Exploit -- Symantec's response Daniel Milisic (Nov 11)
Dave Aitel
Re: [Full-Disclosure] MSIE src&name property disclosure Dave Aitel (Nov 08)
David Hayden
RE: Evidence Mounts that the Vote Was Hacked David Hayden (Nov 11)
devnull
Re: Changes to the filesystem while find is running - comments? devnull (Nov 24)
Dmitry V. Levin
Re: Changes to the filesystem while find is running - comments? Dmitry V. Levin (Nov 22)
Donato Ferrante
Buffer Overflow in Open Dc Hub 0.7.14 Donato Ferrante (Nov 26)
Dr. Death
SQL injection in vBulletin forums (last10.php) Dr. Death (Nov 11)
dullien
Re: [SIG^2 G-TEC] Prevx Home v1.0 Instrusion Prevention Features Can Be Disabled by Direct Service Table Restoration dullien (Nov 24)
ECL team
[ECL] WCI TC-IDE embedded linux vulnerabilities ECL team (Nov 20)
Elia Florio
Rv: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Elia Florio (Nov 02)
Elliott Bäck
Google Desktop Search ignores Preferences Elliott Bäck (Nov 15)
Exchange
Re: [Full-Disclosure] Re: Sun Java Plugin arbitrary package access vulnerability Exchange (Nov 25)
Fabian Becker
Re: Skype callto:// BoF technical details Fabian Becker (Nov 16)
Florian Laws
Re: Incorrect reporting of the Bofra/The Register exploit Florian Laws (Nov 24)
Florian Weimer
Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution Florian Weimer (Nov 16)
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-04:16.fetch FreeBSD Security Advisories (Nov 18)
Gerald (Jerry) Carter
[SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability in Samba 3.0.x <= 3.0.7 Gerald (Jerry) Carter (Nov 08)
[SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd Gerald (Jerry) Carter (Nov 15)
Gilbert Verdian
Safari vulnerable to URL spoofing Gilbert Verdian (Nov 01)
Graham, Brian
FW: Hacker Group back again, this time claiming to have source code to Cisco PIX firewall Graham, Brian (Nov 05)
Gregory Duchemin
Re: Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems Gregory Duchemin (Nov 13)
Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems Gregory Duchemin (Nov 12)
GuidoZ
Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ (Nov 17)
Gunter Ollmann
New Whitepaper - "Second-order Code Injection Attacks" Gunter Ollmann (Nov 01)
Gunter Ollmann (NGS)
RE: New Whitepaper - "Second-order Code Injection Attacks" Gunter Ollmann (NGS) (Nov 02)
RE: New Whitepaper - "Second-order Code Injection Attacks" Gunter Ollmann (NGS) (Nov 05)
Gyan chawdhary
php 4.3.7 memory limit POC exploit Gyan chawdhary (Nov 27)
Hans-Bernhard Broeker
Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch. Hans-Bernhard Broeker (Nov 18)
Hans Ulrich Niedermann
TWiki search function allows arbitrary shell command execution Hans Ulrich Niedermann (Nov 13)
Haroon Meer
Setiri + Invisible browsers != browsers Haroon Meer (Nov 27)
Hat-Squad Security Team
[Hat-Squad] SQL injection and XSS Vulnerabilities in HELM Hat-Squad Security Team (Nov 02)
Heikki Kortti
Re: Update: Web browsers - a mini-farce (MSIE gives in) Heikki Kortti (Nov 09)
Heikki Toivonen
Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception Heikki Toivonen (Nov 25)
Henning Brauer
Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? Henning Brauer (Nov 02)
Hernan Racciatti
IPFront - Release Hernan Racciatti (Nov 23)
Hongzhen Zhou
CuteFTP 6.0 Professional Remote Buffer Overflow Vulnerability Hongzhen Zhou (Nov 30)
http-equiv () excite com
Re: New URL spoofing bug in Microsoft Internet Explorer http-equiv () excite com (Nov 11)
p h i s h i n g p h o r p h u n p h o r p h u q u e s a k e http-equiv () excite com (Nov 01)
Hugo van der Kooij
Re: Router ZyXEL Prestige 650 HW http remote admin. Hugo van der Kooij (Nov 23)
icbm
Jabberd2.x remote BuffJabberd2.x remote Buffer Overflowser Overflows icbm (Nov 26)
isno
Re: MSIE flaws: nested array sort() loop Stack overflow exception isno (Nov 27)
Jack C
BoF in Windows 2000: ddeshare.exe Jack C (Nov 09)
Jake Appelbaum
Security Contact for T-Mobile? Jake Appelbaum (Nov 09)
Re: Evidence Mounts that the Vote Was Hacked Jake Appelbaum (Nov 11)
James Youngman
Changes to the filesystem while find is running - comments? James Youngman (Nov 22)
Re: Changes to the filesystem while find is running - comments? James Youngman (Nov 23)
Re: Changes to the filesystem while find is running - comments? James Youngman (Nov 23)
Re: Changes to the filesystem while find is running - comments? James Youngman (Nov 23)
Re: Changes to the filesystem while find is running - comments? James Youngman (Nov 23)
Re: Changes to the filesystem while find is running - comments? James Youngman (Nov 25)
Janek Vind
[waraxe-2004-SA#038 - Multiple vulnerabilities in Event Calendar module for PhpNuke] Janek Vind (Nov 16)
[waraxe-2004-SA#037 - Sql injection bug in Phorum 5.0.12 and older versions] Janek Vind (Nov 11)
Jason Coombs
Airport x-ray software creating images of phantom weapons? Jason Coombs (Nov 16)
Javier Fernandez-Sanguino
Re: debian dhcpd, old format string bug Javier Fernandez-Sanguino (Nov 02)
Jay D. Dyson
Re: Evidence Mounts that the Vote Was Hacked Jay D. Dyson (Nov 09)
Re: Evidence Mounts that the Vote Was Hacked Jay D. Dyson (Nov 10)
je
Sudo version 1.6.8p2 now available (fwd) je (Nov 12)
Jeff Williams
Re: New Whitepaper - "Second-order Code Injection Attacks" Jeff Williams (Nov 02)
Jei
Re: Evidence Mounts that the Vote Was Hacked Jei (Nov 10)
Jerome ATHIAS
GFHost PHP GMail remote command execution exploit that achieves webserver id privileges Jerome ATHIAS (Nov 22)
Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.) Jerome ATHIAS (Nov 17)
Fotolog.net cross-site scripting vulnerabilities [RLSA_05-2004] Jerome ATHIAS (Nov 23)
Remote buffer overflow in MailEnable IMAP service [Hat-Squad Advisory] Jerome ATHIAS (Nov 25)
Re: SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit Jerome ATHIAS (Nov 20)
Jérôme ATHIAS
SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit Jérôme ATHIAS (Nov 19)
jessica soules
phpBB Code EXEC (v2.0.10) jessica soules (Nov 12)
SQL Injection in phpBT (bug.php) add project jessica soules (Nov 13)
SQL Injection in phpBT (bug.php) jessica soules (Nov 12)
Jirka Kosina
Re: [Full-Disclosure] Re: Linux ELF loader vulnerabilities Jirka Kosina (Nov 11)
Re: Linux ELF loader vulnerabilities Jirka Kosina (Nov 12)
John Cobb
PnTresMailer code browser 6.03 Vulnerabilities John Cobb (Nov 27)
Jonathan Angliss
[SquirrelMail Security Advisory] Cross Site Scripting in encoded text Jonathan Angliss (Nov 10)
José
Router ZyXEL Prestige 650 HW http remote admin. José (Nov 22)
Josh Bressers
Re: [Full-Disclosure] [HV-MED] Zip/Linux long path buffer overflow Josh Bressers (Nov 05)
Joshua Wright
Offline WPA-PSK auditing tool (coWPAtty) Joshua Wright (Nov 08)
Jouko Pynnonen
Sun Java Plugin arbitrary package access vulnerability Jouko Pynnonen (Nov 23)
Joxean Koret
Multiple Vulnerabilities in WebCalendar Joxean Koret (Nov 10)
Jérôme
SQL Injection in phpBT (bug.php - Add) Jérôme (Nov 13)
04WebServer Three Vulnerabilities Jérôme (Nov 10)
Microsoft ISA Server Authentication Bypassing Jérôme (Nov 02)
[SNS Advisory No.79] A Possibility of Cookie Overwrite in Microsoft Internet Explorer Jérôme (Nov 15)
IPSwitch-IMail-8.13 Stack Overflow in the DELETE Command Jérôme (Nov 13)
J. S. Connell
Re: BoF in Windows 2000: ddeshare.exe J. S. Connell (Nov 10)
Juergen Schmidt
Flaws in SP2 security features, part II Juergen Schmidt (Nov 16)
Justin Rush
Unsecure Ftpd on HP PSC 2510 Printer Justin Rush (Nov 10)
Karol Więsek
ncpfs buffer overflow Karol Więsek (Nov 29)
Ken S
Re: Sun Java Plugin arbitrary package access vulnerability Ken S (Nov 23)
Re: Sun Java Plugin arbitrary package access vulnerability Ken S (Nov 25)
kers0r
Windows Mobile Pocket PC Security kers0r (Nov 23)
kevin anonymous
echalk vuln kevin anonymous (Nov 23)
KF_lists
Re: Unsecure Ftpd on HP PSC 2510 Printer KF_lists (Nov 12)
Re: Privilege escalation flaw in MDaemon 7.2. kf_lists (Nov 30)
Re: Unsecure Ftpd on HP PSC 2510 Printer KF_lists (Nov 12)
Kier Darby
Vulnerability not with vBulletin Kier Darby (Nov 12)
Komrade
WeOnlyDo! COM Ftp DELUXE ActiveX Control Buffer Overflow Vulnerability Komrade (Nov 22)
CoffeeCup FTP Clients Buffer Overflow Vulnerability Komrade (Nov 22)
K-OTiK Security
Re: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched] K-OTiK Security (Nov 27)
Microsoft Internet Explorer 6 SP2 Vulnerabilities / Full disclosure Vs. Security by Obscurity... K-OTiK Security (Nov 19)
Kurczaba Associates advisories
Zone Labs IMsecure Active Link Filter Bypass Kurczaba Associates advisories (Nov 11)
Kurt Huwig
DOS against Java JNDI/DNS Kurt Huwig (Nov 08)
Laurent Papier
Re: Router ZyXEL Prestige 650 HW http remote admin. Laurent Papier (Nov 25)
Lawrence MacIntyre
Re: Unsecure Ftpd on HP PSC 2510 Printer Lawrence MacIntyre (Nov 12)
Re: Unsecure Ftpd on HP PSC 2510 Printer Lawrence MacIntyre (Nov 12)
Re: Unsecure Ftpd on HP PSC 2510 Printer Lawrence MacIntyre (Nov 12)
Liu Die Yu
Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038 Liu Die Yu (Nov 29)
Macromedia provided wrong "Solution" in mpsb02-08 Liu Die Yu (Nov 29)
loni
SecurityForest - Public Release #1 loni (Nov 19)
LSS Security
BNC 2.8.9 remote buffer overflow LSS Security (Nov 10)
Luigi Auriemma
Broadcast memory corruption in Soldier of Fortune II 1.03 Luigi Auriemma (Nov 23)
In-game format string bug in the Lithtech engine Luigi Auriemma (Nov 05)
Crash in Secure Network Messenger 1.4.2 Luigi Auriemma (Nov 12)
Limited buffer-overflow and arbitrary memory access in Star Wars Battlefront 1.11 Luigi Auriemma (Nov 24)
Broadcast client crash in Halo 1.05 Luigi Auriemma (Nov 22)
Resources consumption in 602 Lan Suite 2004.0.04.0909 Luigi Auriemma (Nov 06)
Players overflow in Serious engine UDP (was Alpha Black Zero, 29 Sep 2004) Luigi Auriemma (Nov 30)
Buffer-overflow in Orbz 2.10 Luigi Auriemma (Nov 29)
Multiple vulnerabilities in Hired Team: Trial (Shine engine) Luigi Auriemma (Nov 15)
Endless loops in the http-server and pna-proxy modules of Jana server 2.4.4 Luigi Auriemma (Nov 30)
Format string bug in Army Men RTS Luigi Auriemma (Nov 15)
Luke Macken
[ GLSA 200411-14 ] Kaffeine, gxine: Remotely exploitable buffer overflow Luke Macken (Nov 08)
[ GLSA 200411-12 ] zgv: Multiple buffer overflows Luke Macken (Nov 08)
[ GLSA 200411-27 ] Fcron: Multiple vulnerabilities Luke Macken (Nov 18)
[ GLSA 200411-04 ] Speedtouch USB driver: Privilege escalation vulnerability Luke Macken (Nov 02)
ERRATA: [ GLSA 200411-01 ] ppp: No denial of service vulnerability Luke Macken (Nov 03)
[ GLSA 200411-36 ] phpMyAdmin: Multiple XSS vulnerabilities Luke Macken (Nov 27)
[ GLSA 200411-10 ] Gallery: Cross-site scripting vulnerability Luke Macken (Nov 06)
[ GLSA 200411-19 ] Pavuk: Multiple buffer overflows Luke Macken (Nov 11)
[ GLSA 200411-01 ] ppp: Remote denial of service vulnerability Luke Macken (Nov 01)
Maestro De-Seguridad
security hole (http response splitting) in phpwebsite Maestro De-Seguridad (Nov 11)
Mandrake Linux Security Team
MDKSA-2004:121 - Updated netatalk packages fix temporary file vulnerability Mandrake Linux Security Team (Nov 02)
MDKSA-2004:124 - Updated xorg-x11 packages fix libXpm overflow vulnerabilities Mandrake Linux Security Team (Nov 04)
MDKSA-2004:127 - Updated libxml and libxml2 packages fix multiple vulnerabilities Mandrake Linux Security Team (Nov 05)
MDKSA-2004:128 - Updated ruby packages fix remote DoS vulnerability Mandrake Linux Security Team (Nov 09)
MDKSA-2004:137 - Updated libxpm4 packages fix libXpm vulnerabilities Mandrake Linux Security Team (Nov 23)
MDKSA-2004:126 - Updated shadow-utils packages fix security bypass vulnerability Mandrake Linux Security Team (Nov 05)
MDKSA-2004:140 - Updated a2ps packages fix vulnerability Mandrake Linux Security Team (Nov 27)
MDKSA-2004:136 - Updated samba packages fix remote vulnerability Mandrake Linux Security Team (Nov 19)
MDKSA-2004:138 - Updated XFree86 packages fix libXpm vulnerabilities Mandrake Linux Security Team (Nov 23)
MDKSA-2004:141 - Updated zip packages fix vulnerability Mandrake Linux Security Team (Nov 27)
MDKSA-2004:125 - Updated iptables packages fix vulnerability Mandrake Linux Security Team (Nov 05)
MDKSA-2004:133 - Updated sudo packages fix vulnerability Mandrake Linux Security Team (Nov 17)
MDKSA-2004:139 - Updated cyrus-imapd packages fix multiple vulnerabilities Mandrake Linux Security Team (Nov 27)
MDKSA-2004:123 - Updated perl-MIME-tools packages fix vulnerability Mandrake Linux Security Team (Nov 02)
MDKSA-2004:122 - Updated mod_ssl packages fix information disclosure vulnerability Mandrake Linux Security Team (Nov 02)
MDKSA-2004:137 - Updated libxpm4 packages fix libXpm vulnerabilities Mandrake Linux Security Team (Nov 23)
MDKSA-2004:120 - Updated mpg123 packages fix vulnerability Mandrake Linux Security Team (Nov 02)
MDKSA-2004:119 - Updated MySQL packages fix multiple vulnerabilities Mandrake Linux Security Team (Nov 02)
MDKSA-2004:138 - Updated XFree86 packages fix libXpm vulnerabilities Mandrake Linux Security Team (Nov 24)
MDKSA-2004:137-1 - Updated libxpm4 packages correct issues with previous update Mandrake Linux Security Team (Nov 30)
MDKSA-2004:117 - Updated gaim packages fix vulnerability Mandrake Linux Security Team (Nov 02)
MDKSA-2004:118 - Updated perl-Archive-Zip packages fix vulnerability Mandrake Linux Security Team (Nov 02)
MDKSA-2004:132 - Updated gd packages fix integer overflows Mandrake Linux Security Team (Nov 17)
MDKSA-2004:134 - Updated apache packages fix buffer overflow in mod_include Mandrake Linux Security Team (Nov 17)
MDKSA-2004:135 - Updated apache2 packages fix request DoS Mandrake Linux Security Team (Nov 17)
Marc Deslauriers
[FLSA-2004:2076] Updated foomatic package fixes security vulnerability Marc Deslauriers (Nov 05)
Marc Maiffret
EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service Marc Maiffret (Nov 09)
Marc Schoenefeld
Rumours about Opera Marc Schoenefeld (Nov 25)
Java Vulnerabilities in Opera 7.54 Marc Schoenefeld (Nov 19)
Marcus Meissner
SUSE Security Announcement: samba (SUSE-SA:2004:040) Marcus Meissner (Nov 15)
Mark Adler
zlib 1.2.2 released Mark Adler (Nov 02)
zlib 1.2.2 released Mark Adler (Nov 02)
Martin Buchholz
Re: Changes to the filesystem while find is running - comments? Martin Buchholz (Nov 22)
Re: Changes to the filesystem while find is running - comments? Martin Buchholz (Nov 23)
Re: Changes to the filesystem while find is running - comments? Martin Buchholz (Nov 23)
Re: Changes to the filesystem while find is running - comments? Martin Buchholz (Nov 24)
Re: Changes to the filesystem while find is running - comments? Martin Buchholz (Nov 23)
Martin Pitt
[USN-20-1] Ruby CGI module vulnerability Martin Pitt (Nov 09)
[USN-23-1] apache2 vulnerability Martin Pitt (Nov 12)
[USN-31-1] cyrus21-imapd vulnerabilities Martin Pitt (Nov 24)
[USN-25-1] libgd2 vulnerability Martin Pitt (Nov 15)
[USN-30-1] Linux kernel vulnerabilities Martin Pitt (Nov 18)
[USN-13-1] groff utility vulnerability Martin Pitt (Nov 01)
[USN-17-1] passwd vulnerability Martin Pitt (Nov 05)
[USN-19-1] squid vulnerabilities Martin Pitt (Nov 06)
Re: [Full-Disclosure] [HV-MED] Zip/Linux long path buffer overflow Martin Pitt (Nov 05)
[USN-15-1] lvm10 vulnerability Martin Pitt (Nov 02)
[USN-18-1] zip vulnerability Martin Pitt (Nov 05)
[USN-28-1] sudo vulnerability Martin Pitt (Nov 17)
[USN-22-1] samba vulnerability Martin Pitt (Nov 11)
[USN-26-1] bogofilter vulnerability Martin Pitt (Nov 17)
[USN-32-1] mysql vulnerabilities Martin Pitt (Nov 25)
[USN-29-1] samba vulnerability Martin Pitt (Nov 18)
[USN-27-1] libxpm4 vulnerability Martin Pitt (Nov 17)
[USN-14-1] xpdf vulnerabilities Martin Pitt (Nov 01)
[USN-16-1] perl vulnerabilities Martin Pitt (Nov 03)
[USN-24-1] openssl script vulnerability Martin Pitt (Nov 12)
[USN-10-1] XML library vulnerabilities Martin Pitt (Nov 01)
[USN-21-1] libgd vulnerabilities Martin Pitt (Nov 11)
Martin Schulze
[SECURITY] [DSA 587-1] New freeam packages fix arbitrary code execution Martin Schulze (Nov 08)
[SECURITY] [DSA 589-1] New libgd1 packages fix arbitrary code execution Martin Schulze (Nov 09)
[SECURITY] [DSA 596-1] New sudo packages fix privilege escalation Martin Schulze (Nov 24)
[SECURITY] [DSA 596-2] New sudo packages removes debug output Martin Schulze (Nov 24)
[SECURITY] [DSA 583-1] New lvm10 packages fix insecure temporary directory Martin Schulze (Nov 03)
[SECURITY] [DSA 595-1] New bnc packages arbitrary code execution Martin Schulze (Nov 24)
[SECURITY] [DSA 578-1] New mpg123 packages fix arbitrary code execution Martin Schulze (Nov 01)
[SECURITY] [DSA 599-1] New tetex-bin packages fix arbitrary code execution Martin Schulze (Nov 26)
[SECURITY] [DSA 598-1] New yardradius packages fix arbitrary code execution Martin Schulze (Nov 25)
[SECURITY] [DSA 592-1] New ez-ipupdate packages fix format string vulnerability Martin Schulze (Nov 12)
[SECURITY] [DSA 590-1] New gnats packages fix arbitrary code execution Martin Schulze (Nov 09)
[SECURITY] [DSA 588-1] New gzip packages fix insecure temporary files Martin Schulze (Nov 08)
[SECURITY] [DSA 581-1] New xpdf packages fix arbitrary code execution Martin Schulze (Nov 02)
[SECURITY] [DSA 593-1] New imagemagick packages fix arbitrary code execution Martin Schulze (Nov 16)
[SECURITY] [DSA 597-1] New cyrus-imapd packages fix arbitrary code execution Martin Schulze (Nov 26)
Re: debian dhcpd, old format string bug Martin Schulze (Nov 05)
[SECURITY] [DSA 582-1] New libxml packages fix arbitrary code execution Martin Schulze (Nov 02)
[SECURITY] [DSA 602-1] New libgd2 packages fix arbitrary code execution Martin Schulze (Nov 29)
[SECURITY] [DSA 585-1] New shadow packages fix unintended behaviour Martin Schulze (Nov 05)
[SECURITY] [DSA 601-1] New libgd1 packages fix arbitrary code execution Martin Schulze (Nov 29)
[SECURITY] [DSA 580-1] New iptables packages fix modprobe failure Martin Schulze (Nov 01)
[SECURITY] [DSA 584-1] New dhcp packages fix format string vulnerability Martin Schulze (Nov 04)
[SECURITY] [DSA 591-1] New libgd2 packages fix arbitrary code execution Martin Schulze (Nov 09)
[SECURITY] [DSA 579-1] New abiword packages fix arbitrary code execution Martin Schulze (Nov 01)
[SECURITY] [DSA 586-1] New ruby packages fix denial of service Martin Schulze (Nov 08)
[SECURITY] [DSA 594-1] New Apache packages fix arbitrary code execution Martin Schulze (Nov 17)
matt
Incorrect reporting of the Bofra/The Register exploit matt (Nov 23)
Matthias Geerdsen
[ GLSA 200411-18 ] Apache 2.0: Denial of Service by memory consumption Matthias Geerdsen (Nov 11)
[ GLSA 200411-35 ] phpWebSite: HTTP response splitting vulnerability Matthias Geerdsen (Nov 27)
[ GLSA 200411-09 ] shadow: Unauthorized modification of account information Matthias Geerdsen (Nov 04)
[ GLSA 200411-21 ] Samba: Remote Denial of Service Matthias Geerdsen (Nov 12)
[ GLSA 200411-03 ] Apache 1.3: Buffer overflow vulnerability in mod_include Matthias Geerdsen (Nov 02)
Menashe Eliezer
Re: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Menashe Eliezer (Nov 08)
Michael Silk
RE: New URL spoofing bug in Microsoft Internet Explorer Michael Silk (Nov 17)
michael young
Re: Liferay Cross Site Scripting Flaw michael young (Nov 25)
Michal Zalewski
Re: [Full-Disclosure] MSIE src&name property disclosure Michal Zalewski (Nov 08)
Re: [Full-Disclosure] MSIE src&name property disclosure Michal Zalewski (Nov 08)
MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) (fwd) Michal Zalewski (Nov 02)
morning_wood
Re: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) morning_wood (Nov 02)
M. Shirk
[SHK-001]Payflow Link Default Config may lead to Hidden Field Modification M. Shirk (Nov 30)
Network Intelligence (I) Pvt. Ltd.
Nortel Networks Contivity VPN Client information leakage vulnerability Network Intelligence (I) Pvt. Ltd. (Nov 10)
NGSSoftware Insight Security Research
Medium Risk Vulnerability in WinRAR NGSSoftware Insight Security Research (Nov 02)
Nicolas Gregoire
Re: New Whitepaper - "Second-order Code Injection Attacks" Nicolas Gregoire (Nov 03)
Nicolas Robillard
Zone Labs Ad-Blocking Instability Nicolas Robillard (Nov 19)
Nicolas RUFF
Hardware support for XP SP2 DEP not enabled by default ? Nicolas RUFF (Nov 23)
Nicolas Waisman
Immunity, Inc Advisor Nicolas Waisman (Nov 27)
Noam Rathaus
Contact in HP related to OpenView / Coda Noam Rathaus (Nov 11)
OpenPKG
[OpenPKG-SA-2004.049] OpenPKG Security Advisory (gd) OpenPKG (Nov 01)
[OpenPKG-SA-2004.045] OpenPKG Security Advisory (mysql) OpenPKG (Nov 01)
[OpenPKG-SA-2004.051] OpenPKG Security Advisory (imapd) OpenPKG (Nov 29)
[OpenPKG-SA-2004.050] OpenPKG Security Advisory (libxml) OpenPKG (Nov 01)
Paul
Microsoft Help ActiveX Control Related Topics Local Content Accessing Vulnerability Paul (Nov 28)
Paul Mackerras
Re: [ GLSA 200411-01 ] ppp: Remote denial of service vulnerability Paul Mackerras (Nov 02)
Paul Schmehl
Re: [Full-Disclosure] MSIE src&name property disclosure Paul Schmehl (Nov 08)
Paul S. Owen
EXEC exploit in phpBB - fix Paul S. Owen (Nov 18)
EXEC exploit in phpBB - new release Paul S. Owen (Nov 19)
Paul Starzetz
Addendum, recent Linux <= 2.4.27 vulnerabilities Paul Starzetz (Nov 19)
Linux ELF loader vulnerabilities Paul Starzetz (Nov 10)
Paul Szabo
Eudora 6.2 attachment spoof Paul Szabo (Nov 13)
Re: Changes to the filesystem while find is running - comments? Paul Szabo (Nov 23)
Re: Changes to the filesystem while find is running - comments? Paul Szabo (Nov 23)
Re: Changes to the filesystem while find is running - comments? Paul Szabo (Nov 23)
Pavel Kankovsky
Re: Linux ELF loader vulnerabilities Pavel Kankovsky (Nov 11)
Peter Conrad
Re: Evidence Mounts that the Vote Was Hacked Peter Conrad (Nov 10)
Peter Greenwood
Re: Sun Java Plugin arbitrary package access vulnerability Peter Greenwood (Nov 25)
Petr Stehlik
Re: Atari800 - local root. (fwd) Petr Stehlik (Nov 27)
q q
Re: New URL spoofing bug in Microsoft Internet Explorer q q (Nov 16)
Quincy Jackson
Re: Nortel Networks Contivity VPN Client information leakage vulnerability Quincy Jackson (Nov 10)
Quith
FluxBox crash vulnerability Quith (Nov 27)
R00tCr4ck
Multiple Vulnerabilities in Web Forums Server R00tCr4ck (Nov 02)
Rafael San Miguel Carrasco
Re: Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.) Rafael San Miguel Carrasco (Nov 18)
Ralph Harvey
Re: [SIG^2 G-TEC] Prevx Home v1.0 Instrusion Prevention Features Can Be Disabled by Direct Service Table Restoration Ralph Harvey (Nov 25)
Randal, Phil
RE: iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrar y Package Access Vulnerability Randal, Phil (Nov 23)
Reed Arvin
Multiple buffer overlows in WS_FTP Server Version 5.03, 2004.10.14. Reed Arvin (Nov 29)
Buffer overlow in DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 and prior versions. Reed Arvin (Nov 18)
Privilege escalation flaw in MDaemon 7.2. Reed Arvin (Nov 29)
Privilege escalation in Mailtraq Version 2.6.1.1677. Reed Arvin (Nov 19)
Privilege escalation flaw in AClient Service for Windows (Version 5.6.181). Reed Arvin (Nov 19)
rexolab
RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch. rexolab (Nov 17)
Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch. rexolab (Nov 19)
r`Futile
Re: Crash in Secure Network Messenger 1.4.2 r`Futile (Nov 15)
Rick Crelia
Re: Evidence Mounts that the Vote Was Hacked Rick Crelia (Nov 10)
Robert Hetzler
Re: Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.) Robert Hetzler (Nov 18)
Roman Medina-Heigl Hernandez
TWiki exploit (search.pm / CAN-2004-1037) Roman Medina-Heigl Hernandez (Nov 19)
Ron Brinker
RE: EXEC exploit in phpBB - fix Ron Brinker (Nov 18)
roozbeh afrasiabi
Re: New URL spoofing bug in Microsoft Internet Explorer roozbeh afrasiabi (Nov 09)
Internet Explorer HTML Help Control ActiveX Cross Domain/Zone Scripting Vulnerabilities roozbeh afrasiabi (Nov 01)
Roy Arends
Inofficial updates to 758884/NISCC/DNS Roy Arends (Nov 19)
saudi linux
AppServ 2.5.x and Prior Exploit saudi linux (Nov 18)
Hotfoon Ver 4.0 Highv Risk saudi linux (Nov 10)
secure
Re: [HV-LOW] Symantec LiveUpdate issues may cause DoS secure (Nov 09)
Secure Science Corporation Advisory Notice
SSC Advisory TSA-052 (Callwave.com) Secure Science Corporation Advisory Notice (Nov 04)
SSC Advisory TSA-052 (Callwave.com) Secure Science Corporation Advisory Notice (Nov 04)
SSC Advisory TSA-053 (Ureach.com) Secure Science Corporation Advisory Notice (Nov 05)
security-advisories
FreeBSD Security Advisory FreeBSD-SA-04:16.fetch security-advisories (Nov 19)
security curmudgeon
Re: SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit security curmudgeon (Nov 20)
Serkan Akpolat
Prozilla Remote Exploit Serkan Akpolat (Nov 24)
Sherlock, Nathan
RE: iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrar y Package Access Vulnerability Sherlock, Nathan (Nov 23)
ShineShadow
Multiple vulnerabilities in Icewarp Web Mail 5.2.8 : New face of old problems. ShineShadow (Nov 05)
Solar Designer
Re: [ GLSA 200411-09 ] shadow: Unauthorized modification of account information Solar Designer (Nov 04)
Sowhat .
XDICT Buffer OverRun Vulnerability,funny :-) Sowhat . (Nov 01)
Stefan Esser
Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow Stefan Esser (Nov 15)
Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities Stefan Esser (Nov 23)
Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities Stefan Esser (Nov 17)
Steve
PHPKIT SQL Injection, XSS Steve (Nov 22)
Steve Clement
Re: Router ZyXEL Prestige 650 HW http remote admin. Steve Clement (Nov 24)
Steven M. Christey
Making distinctions between similar-looking vulnerabilities Steven M. Christey (Nov 05)
Sune Kloppenborg Jeppesen
[ GLSA 200411-26 ] GIMPS, SETI@home, ChessBrain: Insecure installation Sune Kloppenborg Jeppesen (Nov 17)
[ GLSA 200411-22 ] Davfs2, lvm-user: Insecure tempfile handling Sune Kloppenborg Jeppesen (Nov 11)
[ GLSA 200411-16 ] zip: Path name buffer overflow Sune Kloppenborg Jeppesen (Nov 09)
[ GLSA 200411-13 ] Portage, Gentoolkit: Temporary file vulnerabilities Sune Kloppenborg Jeppesen (Nov 08)
[ GLSA 200411-20 ] ez-ipupdate: Format string vulnerability Sune Kloppenborg Jeppesen (Nov 11)
[ GLSA 200411-32 ] phpBB: Remote command execution Sune Kloppenborg Jeppesen (Nov 26)
[ GLSA 200411-33 ] TWiki: Arbitrary command execution Sune Kloppenborg Jeppesen (Nov 24)
[ GLSA 200411-25 ] SquirrelMail: Encoded text XSS vulnerability Sune Kloppenborg Jeppesen (Nov 17)
[ GLSA 200411-02 ] Cherokee: Format string vulnerability Sune Kloppenborg Jeppesen (Nov 01)
[ GLSA 200411-17 ] mtink: Insecure tempfile handling Sune Kloppenborg Jeppesen (Nov 09)
[ GLSA 200411-11 ] ImageMagick: EXIF buffer overflow Sune Kloppenborg Jeppesen (Nov 06)
[ GLSA 200411-24 ] BNC: Buffer overflow vulnerability Sune Kloppenborg Jeppesen (Nov 16)
[ GLSA 200411-38 ] Sun and Blackdown Java: Applet privilege escalation Sune Kloppenborg Jeppesen (Nov 29)
tal zeltzer
Exploiting default exception handler to increase exploit stability on win32 tal zeltzer (Nov 02)
Ted Percival
Re: Linux ELF loader vulnerabilities Ted Percival (Nov 11)
Thierry Carrez
[ GLSA 200411-34 ] Cyrus IMAP Server: Multiple remote vulnerabilities Thierry Carrez (Nov 25)
[ GLSA 200411-31 ] ProZilla: Multiple vulnerabilities Thierry Carrez (Nov 23)
UPDATE: [ GLSA 200410-30 ] GPdf, KPDF, KOffice: Vulnerabilities in included xpdf Thierry Carrez (Nov 06)
[ GLSA 200411-06 ] MIME-tools: Virus detection evasion Thierry Carrez (Nov 03)
[ GLSA 200411-28 ] X.Org, XFree86: libXpm vulnerabilities Thierry Carrez (Nov 19)
[ GLSA 200411-07 ] Proxytunnel: Format string vulnerability Thierry Carrez (Nov 03)
UPDATE: [ GLSA 200410-20 ] Xpdf, CUPS: Multiple integer overflows Thierry Carrez (Nov 06)
[ GLSA 200411-08 ] GD: Integer overflow Thierry Carrez (Nov 04)
[ GLSA 200411-29 ] unarj: Long filenames buffer overflow and a path traversal vulnerability Thierry Carrez (Nov 19)
[ GLSA 200411-23 ] Ruby: Denial of Service issue Thierry Carrez (Nov 16)
[ GLSA 200411-15 ] OpenSSL, Groff: Insecure tempfile handling Thierry Carrez (Nov 08)
[ GLSA 200411-30 ] pdftohtml: Vulnerabilities in included Xpdf Thierry Carrez (Nov 23)
[ GLSA 200411-05 ] libxml2: Remotely exploitable buffer overflow Thierry Carrez (Nov 03)
Thomas Biege
SUSE Security Announcement: xshared, XFree86-libs, xorg-x11-libs (SUSE-SA:2004:041) Thomas Biege (Nov 17)
Thomas Rogg
Unofficial Internet Explorer FRAME/IFRAME fix Thomas Rogg (Nov 12)
Timo Sirainen
up-imapproxy DoS vulnerabilities Timo Sirainen (Nov 08)
Tom
Security Contact Info for IPSWITCH Tom (Nov 10)
Trustix Security Advisor
TSLSA-2004-0058 - multi Trustix Security Advisor (Nov 16)
TSL-2004-0063 - multi Trustix Security Advisor (Nov 29)
TSLSA-2004-0055 - multi Trustix Security Advisor (Nov 01)
TSLSA-2004-0061 - multi Trustix Security Advisor (Nov 22)
TSLSA-2004-0056 - apache Trustix Security Advisor (Nov 05)
Valdis . Kletnieks
Re: BoF in Windows 2000: ddeshare.exe Valdis . Kletnieks (Nov 09)
Vincenzo Ciaglia
Linux Netwosix NEPOTE Updated! Vincenzo Ciaglia (Nov 30)
vuln
[HV-LOW] Symantec LiveUpdate issues may cause DoS vuln (Nov 08)
[HV-MED] Zip/Linux long path buffer overflow vuln (Nov 04)
y3dips
Vulnerabilities in JAF CMS y3dips (Nov 09)
zee
Phpbb id: 10701 update and Attachmodule add-on Directory Traversal zee (Nov 27)
Zero_X www . lobnan . de Team
EZshopper is still vulnerable against Directory Traversal. Zero_X www . lobnan . de Team (Nov 25)
Zone Labs Product Security
Zone Labs Security Advisory: Ad-Blocking Instability Zone Labs Product Security (Nov 19)