Bugtraq: by author

366 messages starting Oct 28 04 and ending Oct 12 04


0-1-2-3

New URL spoofing bug in Microsoft Internet Explorer 0-1-2-3 (Oct 28)
Re: New URL spoofing bug in Microsoft Internet Explorer 0-1-2-3 (Oct 30)

3APA3A

Presentation: Bypassing client application protection techniques with notepad 3APA3A (Oct 28)
Re: [Full-Disclosure] iDEFENSE Security Advisory 10.05.04b: Symantec Norton AntiVirus Reserved Device Name Handling Vulnerability 3APA3A (Oct 06)

Abe Usher

MonkeyShell: using XML-RPC for access to a remote shell Abe Usher (Oct 12)

ACROS Security

ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer ACROS Security (Oct 13)
ACROS Security: Unsanitized Session ID Cookie Allows Modifying Server Response ACROS Security (Oct 14)
ACROS Security: Session Fixation in JRun Management Console ACROS Security (Oct 14)
ACROS Security: HTML Injection in JRun Management Console ACROS Security (Oct 14)

Adam Gowdiak

J2ME security vulnerabilities Adam Gowdiak (Oct 22)

advisory

BindView Advisory: Memory Leak and DoS in NT4 RPC server advisory (Oct 13)
STG Security Advisory: [SSA-20041022-08] MoniWiki XSS vulnerability advisory (Oct 25)

Ahmad Muammar

Multiple Vulnerabilities in AJ-Fork Ahmad Muammar (Oct 01)

Alan Cox

CAN-2004-0814: Linux terminal layer races Alan Cox (Oct 21)

albatross

GDI+ JPEG exploit albatross (Oct 06)
MS October Security bulletins albatross (Oct 12)

Alexander Antipov

[Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal Alexander Antipov (Oct 06)
[MAxpatrol Security Advisory] Multiple vulnerabilities in GoSmart Message Board Alexander Antipov (Oct 11)
[MAXPATROL Security Advisories] Cross site scripting in Invision Power Board Alexander Antipov (Oct 05)

americanidiot

Writing Trojans that bypass Windows XP Service Pack 2 Firewall americanidiot (Oct 15)

Amit Klein (AKsecurity)

Microsoft IIS 5.x/6.0 WebDAV (XML parser) attribute blowup DoS Amit Klein (AKsecurity) (Oct 12)
Security advisory - Xerces-C++ 2.5.0: Attribute blowup Amit Klein (AKsecurity) (Oct 02)

Anatole Shaw

PuTTY SSH client vulnerability Anatole Shaw (Oct 27)

André Malo

Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? André Malo (Oct 29)

Andrew Hunter

[IE 6 SP2] Possible URL Spoofing Andrew Hunter (Oct 15)

Andrey Bayora

Bypass of Antivirus software with GDI+ bug exploit Mutations Andrey Bayora (Oct 15)

Atom 'Smasher'

Some Voters Say Machines Failed, Incorrect Choices Appear on Screens (fwd) Atom 'Smasher' (Oct 25)

Babar Shafiq Nazmi

Re: Possible GDI Exploit Vector Babar Shafiq Nazmi (Oct 01)

Berend-Jan Wever

Re: [Full-Disclosure] python does mangleme (with IE bugs!) Berend-Jan Wever (Oct 25)
Test your windows OS Berend-Jan Wever (Oct 05)

bil

Re: Directory traversal in Yak! 2.1.2 bil (Oct 18)

Bipin Gautam

Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bug Bipin Gautam (Oct 05)
Re: EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability Bipin Gautam (Oct 15)

Boren, Rich (SSRT)

[Security Bulletin] SSRT4807 HP-UX stmkfont local unauthorized privileged access Boren, Rich (SSRT) (Oct 22)
[security bulletin]SSRT4826 rev.0 Mozilla Application Suite for HP Tru64 UNIX Multiple Potential Security Vulnerabilities Boren, Rich (SSRT) (Oct 05)
[security bulletin] SSRT3526 Serviceguard potential increase in privilege Boren, Rich (SSRT) (Oct 27)

Brandon Petty

Re: Oracle 9i Union Flaw Brandon Petty (Oct 01)
Oracle 9i Union Flaw Brandon Petty (Oct 01)

Brett Moore

SetWindowLong Shatter Attacks Brett Moore (Oct 14)
Buffer Overflow In Microsoft Excel Brett Moore (Oct 14)

Brian Gallagher

Critical Vulnerability in Altiris Deployment Server architecture Brian Gallagher (Oct 21)

Brooks, Shane

RE: Critical Vulnerability in Altiris Deployment Server architecture Brooks, Shane (Oct 25)

bugtraq

Clientexec Billing Software bugtraq (Oct 15)

Carl

Multiple vulnerabilities in Sage Saleslogix Carl (Oct 18)

Carlos Barros

mpg123 "getauthfromurl" buffer overflow Carlos Barros (Oct 20)

Chaotic Evil

HTTP Response Splitting Vulnerability in Wordpress 1.2 Chaotic Evil (Oct 07)
HTTP Response Splitting in Serendipity 0.7-beta4 Chaotic Evil (Oct 21)

Chenghuai Lu

Re: EEYE: RealPlayer pnen3260.dll Heap Overflow Chenghuai Lu (Oct 05)

chris

CESA-2004-006: libtiff chris (Oct 14)

Chris Frey

Re: zgv image viewing heap overflows Chris Frey (Oct 28)

Chris Norton

Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory Chris Norton (Oct 19)

Chris Paget

Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Chris Paget (Sep 30)
Re: Update: Web browsers - a mini-farce (MSIE gives in) Chris Paget (Oct 29)

Christopher J. Pilkington

Re: New URL spoofing bug in Microsoft Internet Explorer Christopher J. Pilkington (Oct 29)

Christoph Jeschke

[Powie's PSCRIPT Forum] Multiple SQL-Injection Vulnerabilities Christoph Jeschke (Oct 18)

Conectiva Updates

[CLA-2004:878] Conectiva Security Announcement - zlib Conectiva Updates (Oct 25)
[CLA-2004:880] Conectiva Security Announcement - foomatic-filters Conectiva Updates (Oct 27)
[CLA-2004:875] Conectiva Security Announcement - gtk+ Conectiva Updates (Oct 18)
[CLA-2004:872] Conectiva Security Announcement - cups Conectiva Updates (Oct 14)
[CLA-2004:877] Conectiva Security Announcement - mozilla Conectiva Updates (Oct 22)
[CLA-2004:879] Conectiva Security Announcement - kernel Conectiva Updates (Oct 27)
[CLA-2004:873] Conectiva Security Announcement - samba Conectiva Updates (Oct 14)

CORE Security Technologies Advisories

CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities CORE Security Technologies Advisories (Oct 12)

Crispin Cowan

Re: Mozilla Firefox (tested on 0.9.3) html-code crash. Crispin Cowan (Oct 28)
Re: avoiding stackguard Crispin Cowan (Oct 22)

customer service mailbox

iDEFENSE Security Advisory 09.29.04 - Macromedia JRun 4 mod_jrun Apache Module Buffer Overflow Vulnerability customer service mailbox (Sep 30)
iDEFENSE Security Advisory 10.18.04: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability customer service mailbox (Oct 18)
iDEFENSE Security Advisory 10.27.04 - PuTTY SSH2_MSG_DEBUG Buffer Overflow Vulnerability customer service mailbox (Oct 27)
iDEFENSE Security Advisory XX.XX.04 - Novell SuSe Linux LibTIFF Heap Overflow Vulnerability customer service mailbox (Oct 22)

Daniel Milisic

Norton AntiVirus 2004/2005 Script Blocking Redux Daniel Milisic (Oct 22)
Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant) Daniel Milisic (Oct 15)

Daniel Veditz

Re: [Full-Disclosure] Update: Web browsers - a mini-farce (MSIE gives in) Daniel Veditz (Oct 25)

Dan Margolis

[ GLSA 200410-04 ] PHP: Memory disclosure and arbitrary location file upload Dan Margolis (Oct 06)

Dave Aitel

IT Underground Talks Dave Aitel (Oct 13)

David Brodbeck

RE: Update: Web browsers - a mini-farce (MSIE gives in) David Brodbeck (Oct 28)
RE: Update: Web browsers - a mini-farce (MSIE gives in) David Brodbeck (Oct 29)
RE: Update: Web browsers - a mini-farce (MSIE gives in) David Brodbeck (Oct 25)

David Miller

[BUGZILLA] Vulnerabilities in Bugzilla 2.16.6 and 2.18rc2 David Miller (Oct 25)

David Schwartz

RE: Diebold Global Election Management System (GEMS) Backdoor David Schwartz (Sep 30)

Derek Martin

rssh: pizzacode security alert Derek Martin (Oct 23)

Derek Soeder

EEYE: Windows VDM #UD Local Privilege Escalation Derek Soeder (Oct 13)
EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability Derek Soeder (Oct 13)

Dirk Mueller

[KDE security advisory] Multiple integer overflows in kpdf Dirk Mueller (Oct 22)

Dominic Hargreaves

[FLSA-2004:1804] Updated kernel resolves security vulnerabilities Dominic Hargreaves (Oct 19)
[FLSA-2004:2102] Updated samba packages fix security vulnerability Dominic Hargreaves (Oct 13)
[FLSA-2004:2102] Updated samba packages fix security vulnerability [updated] Dominic Hargreaves (Oct 15)
[FLSA-2004:1325] Updated mod_python packages fix security vulnerability Dominic Hargreaves (Oct 04)
[FLSA-2004:2089] Updated mozilla packages fix security vulnerabilities Dominic Hargreaves (Oct 28)
[FLSA-2004:1733] Updated squirrelmail resolves security vulnerabilities Dominic Hargreaves (Oct 02)

Dragos Ruiu

pacsec.jp advisory: Firewire/IEEE 1394 Considered Harmful to Physical Security Dragos Ruiu (Oct 26)

Dror Shalev

RE: [IE 6 SP2] Possible URL Spoofing Dror Shalev (Oct 19)

ducch apple

Mozilla Firefox (tested on 0.9.3) html-code crash. ducch apple (Oct 25)

Eric Lackey

CFMX vulnerability Eric Lackey (Sep 30)

ET LoWNOISE

[LoWNOISE] IPSWITCH WhatsUp Gold 8.03 Remote fr33 exploit ET LoWNOISE (Oct 04)

Evans, Arian

ASP.NET cannonicalization issue Evans, Arian (Oct 08)

Exoduks

[hackgen-2004-#002] - Remote file inclusion bug in ocPortal 1.0.3. Exoduks (Oct 12)

Florian Rock

SQL Injection in UBB.threads 3.4.x Florian Rock (Oct 21)

FraMe

PHP4 cURL functions bypass open_basedir FraMe (Oct 28)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-04:15.syscons FreeBSD Security Advisories (Oct 04)

gabrield89

Re: Update: Web browsers - a mini-farce (MSIE gives in) gabrield89 (Oct 25)

Gerald (Jerry) Carter

ERRATA: Potential Arbitrary File Access (CAN-2004-0815) Gerald (Jerry) Carter (Oct 05)

Greg A. Woods

Re: cdrecord local root exploit Greg A. Woods (Oct 01)

GreyMagic Security

Regression in IE: Accessing remote/local content in IE (GM#009-IE) GreyMagic Security (Oct 12)

GuidoZ

Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ (Oct 29)
Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ (Oct 30)
Re: New URL spoofing bug in Microsoft Internet Explorer GuidoZ (Oct 29)

GulfTech Security

dbPowerAmp Buffer Overflow And Dos Vulnerabilities GulfTech Security (Oct 01)

houseofdabus HOD

[EXPL] (MS04-032) Microsoft Windows XP Metafile (.emf) Heap Overflow (PoC) houseofdabus HOD (Oct 20)

http-equiv () excite com

Re: [IE 6 SP2] Possible URL Spoofing http-equiv () excite com (Oct 18)

http-equiv () excite com

How to Break Windows XP SP2 + Internet Explorer 6 SP2 http-equiv () excite com (Oct 20)
Re: New URL spoofing bug in Microsoft Internet Explorer http-equiv () excite com (Oct 30)

infamous41md

debian dhcpd, old format string bug infamous41md (Oct 27)
RE: libgd integer overflow infamous41md (Oct 29)
libxml2 remote buffer overflows (not in xml parsing code though) infamous41md (Oct 26)
pppd out of bounds memory access, possible DOS infamous41md (Oct 26)
libgd integer overflow infamous41md (Oct 26)
zgv image viewing heap overflows infamous41md (Oct 26)
wvtfpd remote root heap overflow infamous41md (Oct 26)
inetutils tftp client, DNS resolving bofs infamous41md (Oct 26)
Re: Update: Web browsers - a mini-farce (MSIE gives in) infamous41md (Oct 29)
Re: debian dhcpd, old format string bug infamous41md (Oct 29)

Ivan Casado

More details on BID 11408 (3com 3cradsl72 wireless router) Ivan Casado (Oct 15)

James McGlinn

SQL Injection vulnerability in bBlog 0.7.3 James McGlinn (Oct 01)

Jason T. Miller

Re: cdrecord local root exploit Jason T. Miller (Oct 01)

Jay Calvert

Re: Writing Trojans that bypass Windows XP Service Pack 2 Firewall Jay Calvert (Oct 18)

je

OpenSSL 0.9.7e released (fwd from mark () openssl org) je (Oct 26)

Jean-Baptiste Marchand

Re: Insecure Default Service DACL's in Windows 2003 Jean-Baptiste Marchand (Oct 15)

Jeff Bates

RE: Promiscuous email printing in Canon imageRunner Jeff Bates (Sep 30)

Jelmer

Adobe acrobat / Adobe Reader 6 can read local files Jelmer (Oct 13)
Microsoft cabarc directory traversal Jelmer (Oct 12)

Jian Hui Wang

[Gosecure Adivsory] Neoteris IVE Vulnerability Jian Hui Wang (Oct 06)
[GoSecure Advisory] Neoteris IVE Vulnerability Jian Hui Wang (Oct 06)

Jim Hatfield

Re: EEYE: Windows VDM #UD Local Privilege Escalation Jim Hatfield (Oct 18)

Jim Ley

Google Script Insertion Exploit Jim Ley (Oct 19)

John Bissell

New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory John Bissell (Oct 14)

Joxean Koret

Two Vulnerabilities in OpenWFE Web Client Joxean Koret (Oct 25)

Jérôme

MailCarrier 2.51 SMTP server Buffer Overflow [PoC included] Jérôme (Oct 26)
Ability FTP Server 2.34 Buffer Overflow Exploit Jérôme (Oct 22)
Re: New URL spoofing bug in Microsoft Internet Explorer Jérôme (Oct 29)
Re: Google Script Insertion Exploit Jérôme (Oct 25)

Juan C Calderon

Re: IBM Lotus Notes/Domino fails to encode Square Brackets ( [ ] ) in computed field/text, allowing XSS (Risk increased) Juan C Calderon (Oct 21)
IBM Lotus Notes/Domino fails to encode Square Brackets ( [ ] ) in computed field/text, allowing XSS Juan C Calderon (Oct 18)
Re: IBM Lotus Notes/Domino fails to encode Square Brackets ( [ ] ) in computed field/text, allowing XSS Juan C Calderon (Oct 18)

Karb0nOxyde -

3COM Wireless router (3CRADSL72) information disclosure Karb0nOxyde - (Oct 14)

Karol Więsek

cPanel hardlink backup issue Karol Więsek (Oct 18)
cPanel symlink chmod issue Karol Więsek (Oct 18)
cPanel hardlink chown issue Karol Więsek (Oct 18)

keitel andres ortega

a path disclosure and a posibility file inclusion and vulneability in thepeak file upload v1.3 keitel andres ortega (Oct 15)

kers0r

Reverse Engineering the First Pocket PC Trojan kers0r (Oct 12)

KF_lists

Re: Critical Vulnerability in Altiris Deployment Server architecture KF_lists (Oct 21)
[Fwd: Altiris Carbon Copy Remote Control local SYSTEM exploitation.] KF_lists (Oct 22)

K-OTiK Security

Fake RedHat - Fedora Security Patch / Trojan Source Code & Analysis K-OTiK Security (Oct 25)

Kurt Dillard

RE: Insecure Default Service DACL's in Windows 2003 Kurt Dillard (Oct 12)

Kurt Lieber

[ GLSA 200410-21 ] Apache 2, mod_ssl: Bypass of SSLCipherSuite directive Kurt Lieber (Oct 22)
[ GLSA 200410-06 ] CUPS: Leakage of sensitive information Kurt Lieber (Oct 09)
[ GLSA 200410-05 ] Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities Kurt Lieber (Oct 07)

Larry Cashdollar

local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? Larry Cashdollar (Oct 29)

Larry Seltzer

RE: New URL spoofing bug in Microsoft Internet Explorer Larry Seltzer (Oct 29)
RE: New URL spoofing bug in Microsoft Internet Explorer Larry Seltzer (Oct 30)

Len Sassaman

CodeCon 2005 Call for Papers Len Sassaman (Oct 06)

Lin Xiaofeng

Multiple vulnerabilities in ZanfiCmsLite Lin Xiaofeng (Oct 11)
Multiple vulnerabilities in BlackBoard Lin Xiaofeng (Oct 06)

LSS Security

Re: Full path disclosure in PHP Links - more LSS Security (Oct 05)
ProFTPD 1.2.x remote users enumeration bug LSS Security (Oct 15)
ProFTPD 1.2.x remote users enumeration bug - correction LSS Security (Oct 18)

Luigi Auriemma

Directory traversal in Yak! 2.1.2 Luigi Auriemma (Oct 15)
In-game format string in Judge Dredd vs. Death 1.01 Luigi Auriemma (Oct 02)
Limited \secure\ buffer-overflow in some old Monolith games Luigi Auriemma (Oct 08)
Re: Format String Vulnerability in Valve's CS-Source Luigi Auriemma (Oct 15)
Crashs in Master of Orion III 1.2.5 Luigi Auriemma (Oct 27)
Broadcast buffer-overflow in Vypress Messenger 3.5.1 Luigi Auriemma (Oct 01)
Broadcast crash in Vypress Tonecast 1.3 Luigi Auriemma (Oct 19)
Server crash in Flash Messaging 5.2.0g Luigi Auriemma (Oct 07)
Directory traversal in Tridcomm 1.3 Luigi Auriemma (Oct 06)
Buffer-overflow in ShixxNOTE 6.net Luigi Auriemma (Oct 14)
Buffer-overflow in Age of Sail II 1.04.151 Luigi Auriemma (Oct 20)

Luke Macken

[ GLSA 200410-15 ] Squid: Remote DoS vulnerability Luke Macken (Oct 18)
[ GLSA 200410-09 ] LessTif: Integer and stack overflows in libXpm Luke Macken (Oct 13)
[ GLSA 200410-10 ] gettext: Insecure temporary file handling Luke Macken (Oct 14)
[ GLSA 200410-12 ] WordPress: HTTP response splitting and XSS vulnerabilities Luke Macken (Oct 14)
[ GLSA 200410-25 ] Netatalk: Insecure tempfile handling in etc2ps.sh Luke Macken (Oct 26)
[ GLSA 200410-26 ] socat: Format string vulnerability Luke Macken (Oct 26)
[ GLSA 200410-10 ] gettext: Insecure temporary file handling Luke Macken (Oct 13)

Mandrake Linux Security Team

MDKSA-2004:105 - Updated xine-lib packages fix multiple vulnerabilities Mandrake Linux Security Team (Oct 06)
MDKSA-2004:114 - Updated gpdf packages fix DoS vulnerability Mandrake Linux Security Team (Oct 22)
MDKSA-2004:106 - Updated cyrus-sasl packages fix local vulnerability Mandrake Linux Security Team (Oct 08)
MDKSA-2004:107 - Updated mozilla packages fix vulnerabilities Mandrake Linux Security Team (Oct 20)
MDKSA-2004:110 - Updated gaim packages fix vulnerabilities Mandrake Linux Security Team (Oct 21)
MDKSA-2004:109 - Updated libtiff packages fix multiple vulnerabilities Mandrake Linux Security Team (Oct 20)
MDKSA-2004:108 - Updated cvs packages fix vulnerability Mandrake Linux Security Team (Oct 20)
MDKSA-2004:112 - Updated squid packages fix SNMP processing vulnerability Mandrake Linux Security Team (Oct 22)
MDKSA-2004:115 - Updated kdegraphics packages fix DoS vulnerability Mandrake Linux Security Team (Oct 22)
MDKSA-2004:111 - Updated wxGTK2 packages fix vulnerabilities Mandrake Linux Security Team (Oct 21)
MDKSA-2004:113 - Updated xpdf packages fix vulnerabilities Mandrake Linux Security Team (Oct 22)
MDKSA-2004:104 - Updated samba packages fix vulnerability Mandrake Linux Security Team (Oct 01)
MDKSA-2004:116 - Updated cups packages fix DoS vulnerabilities Mandrake Linux Security Team (Oct 22)

Marc Deslauriers

[FLSA-2004:1372] Updated sysstat packages fix security vulnerabilities Marc Deslauriers (Oct 04)
[FLSA-2004:1833] Updated lha resolves security vulnerabilities Marc Deslauriers (Oct 14)
[FLSA-2004:1737] Updated httpd packages fix a mod_proxy security vulnerability Marc Deslauriers (Oct 14)
[FLSA-2004:1237] Updated gaim package resolves security issues Marc Deslauriers (Oct 18)
[FLSA-2004:1888] Updated mod_ssl package fixes Apache security vulnerabilities Marc Deslauriers (Oct 14)
[FLSA-2004:2072] Updated CUPS packages fix security vulnerability Marc Deslauriers (Oct 18)
[FLSA-2004:1324] Updated libxml2 resolves security vulnerability Marc Deslauriers (Oct 04)

Marc Maiffret

EEYE: RealPlayer Zipped Skin File Buffer Overflow Marc Maiffret (Oct 27)
EEYE: RealPlayer pnen3260.dll Heap Overflow Marc Maiffret (Oct 01)

marco correnti

Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory marco correnti (Oct 18)

Marco Ivaldi

Re: Promiscuous email printing in Canon imageRunner Marco Ivaldi (Oct 01)

Marcus Garvey

Hawking Technologies HAR11A router considered insecure Marcus Garvey (Oct 26)

Marcus Meissner

SuSE Security Announcement: kernel (SUSE-SA:2004:037) Marcus Meissner (Oct 21)
SuSE Security Announcement: libtiff (SUSE-SA:2004:038) Marcus Meissner (Oct 22)

Martin Pitt

[USN-11-1] libgd2 vulnerabilities Martin Pitt (Oct 29)
[USN-6-1] postgresql contributed script vulnerability Martin Pitt (Oct 28)
[USN-9-1] tetex-bin vulnerabilities Martin Pitt (Oct 28)
[USN-5-1] gettext vulnerabilities Martin Pitt (Oct 28)
[USN-3-1] GhostScript utility script vulnerabilities Martin Pitt (Oct 28)
[USN-4-1] Standard C library script vulnerabilities Martin Pitt (Oct 28)
[USN-7-1] imagemagick vulnerability Martin Pitt (Oct 28)
[USN-8-1] gaim vulnerabilities Martin Pitt (Oct 28)
[USN-12-1] ppp Denial of Service Martin Pitt (Oct 30)

Martin Schulze

[SECURITY] [DSA 575-1] New catdoc packages fix temporary file vulnerability Martin Schulze (Oct 28)
[SECURITY] [DSA 560-1] New lesstif packages fix several vulnerabilities Martin Schulze (Oct 07)
[SECURITY] [DSA 573-1] New cupsys packages fix arbitrary code execution Martin Schulze (Oct 21)
[SECURITY] [DSA 558-1] New libapache-mod-dav packages fix potential denial of service Martin Schulze (Oct 06)
[SECURITY] [DSA 553-1] New getmail packages fix root compromise Martin Schulze (Sep 30)
[SECURITY] [DSA 571-1] New libpng3 packages fix several vulnerabilities Martin Schulze (Oct 20)
[SECURITY] [DSA 568-1] New cyrus-sasl-mit packages fix arbitrary code execution Martin Schulze (Oct 18)
[SECURITY] [DSA 567-1] New libtiff packages fix remote code execution Martin Schulze (Oct 15)
[SECURITY] [DSA 565-1] New sox packages fix buffer overflow Martin Schulze (Oct 13)
[SECURITY] [DSA 564-1] New mpg123 packages fix arbitrary code exceution Martin Schulze (Oct 13)
[SECURITY] [DSA 562-1] New mysql packages fix several vulnerabilities Martin Schulze (Oct 11)
[SECURITY] [DSA 576-1] New Squid packages fix several vulnerabilities Martin Schulze (Oct 29)
[SECURITY] [DSA 572-1] New ecartis packages fix unauthorised access to admin interface Martin Schulze (Oct 21)
[SECURITY] [DSA 556-2] New netkit-telnet packages really fix denial of service Martin Schulze (Oct 18)
[SECURITY] [DSA 563-1] New cyrus-sasl packages fix arbitrary code execution Martin Schulze (Oct 12)
[SECURITY] [DSA 570-1] New libpng packages fix several vulnerabilities Martin Schulze (Oct 20)
[SECURITY] [DSA 574-1] New cabextract packages fix unintended directory traversal Martin Schulze (Oct 28)
[SECURITY] [DSA 557-1] New rp-pppoe packages fix potential root compromise Martin Schulze (Oct 04)
[SECURITY] [DSA 600-1] New samba packages fix arbitrary file access Martin Schulze (Oct 07)
[SECURITY] [DSA 458-3] New python2.2 packages really fix buffer overflow and restore functionality Martin Schulze (Oct 11)
[SECURITY] [DSA 563-2] New cyrus-sasl packages really fix arbitrary code execution Martin Schulze (Oct 12)
[SECURITY] [DSA 577-1] New postgresql packages fix symlink vulnerability Martin Schulze (Oct 29)
[SECURITY] [DSA 566-1] New CUPS packages fix information leak Martin Schulze (Oct 14)
[SECURITY] [DSA 563-3] New cyrus-sasl packages fix arbitrary code execution on sparc and arm Martin Schulze (Oct 14)
[SECURITY] [DSA 569-1] New netkit-telnet-ssl packages fix denial of service Martin Schulze (Oct 18)
[SECURITY] [DSA 559-1] New net-acct packages fix insecure temporary file creation Martin Schulze (Oct 06)

Matthew Oyer

XXS in SCT email client Matthew Oyer (Oct 13)
XXS in fusetalk forum Matthew Oyer (Oct 13)

Matthias Geerdsen

[ GLSA 200410-23 ] Gaim: Multiple vulnerabilities Matthias Geerdsen (Oct 26)

Matt Zimmerman

Re: Buffer Overflow in Spider game Matt Zimmerman (Oct 06)
[SECURITY] [DSA 556-1] New netkit-telnet packages fix invalid free Matt Zimmerman (Oct 04)

mccauley () gmx net

Re: 3COM Wireless router (3CRADSL72) information disclosure mccauley () gmx net (Oct 18)

MCMuir

Re: Update: Web browsers - a mini-farce (MSIE gives in) MCMuir (Oct 28)

me

Re:2. Code execution in Icecast 2.0.1(exploit with shellcode) me (Oct 02)

Michael Bartosh

Latest Apple Sec update Michael Bartosh (Oct 06)

Michael Engert

Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? Michael Engert (Oct 30)

michael evanchik

Re: How to Break Windows XP SP2 + Internet Explorer 6 SP2 michael evanchik (Oct 25)

Michael Shigorin

Re: Update: Web browsers - a mini-farce (MSIE gives in) Michael Shigorin (Oct 29)

Michael Wojcik

RE: Update: Web browsers - a mini-farce (MSIE gives in) Michael Wojcik (Oct 28)
RE: Update: Web browsers - a mini-farce (MSIE gives in) Michael Wojcik (Oct 27)
RE: Update: Web browsers - a mini-farce (MSIE gives in) Michael Wojcik (Oct 27)

Michal Zalewski

Web browsers - a mini-farce Michal Zalewski (Oct 18)
Re: Mozilla Firefox (tested on 0.9.3) html-code crash. Michal Zalewski (Oct 29)
Update: Web browsers - a mini-farce (MSIE gives in) Michal Zalewski (Oct 23)

Microsoft Security Response Center

New Microsoft Security Response Center PGP Key [pgp] Microsoft Security Response Center (Oct 06)

MrJoe

Micronet wireless broadband router SP916BM admin password reset when power off MrJoe (Oct 12)

ned

python does mangleme (with IE bugs!) ned (Oct 25)

newbug Tseng

Re: cdrdao local root exploit newbug Tseng (Oct 01)

NGSSoftware Insight Security Research

High Risk Vulnerability in Quicktime for Windows NGSSoftware Insight Security Research (Oct 27)
MSN Gaming Heartbeat Component Buffer Overflow NGSSoftware Insight Security Research (Oct 13)
Microsoft Windows NetDDE Service Buffer Overflow NGSSoftware Insight Security Research (Oct 15)
High Risk Vulnerability in RealPlayer NGSSoftware Insight Security Research (Oct 27)
Patch available for critical IBM DB2 Universal Database flaws NGSSoftware Insight Security Research (Oct 05)
Patch available for multiple high risk vulnerabilities in RealPlayer NGSSoftware Insight Security Research (Oct 06)
Patch available for high risk flaws in the AtHoc Toolbar NGSSoftware Insight Security Research (Oct 06)
Microsoft Internet Explorer Install Engine Control Buffer Overflow NGSSoftware Insight Security Research (Oct 12)

Nick Caramella

windows 2000 server terminal server denial of service Nick Caramella (Oct 22)

Nick FitzGerald

Re: Regression in IE: Accessing remote/local content in IE (GM#009-IE) Nick FitzGerald (Oct 12)

Nick Leoncavallo

Re: Adobe acrobat / Adobe Reader 6 can read local files Nick Leoncavallo (Oct 14)

Nikyt0x Argentina

Full path disclosure in PHP Links Nikyt0x Argentina (Oct 04)

NSFOCUS Security Team

NSFOCUS SA2004-02 : HP-UX stmkfont Local Privilege Escalation Vulnerability NSFOCUS Security Team (Oct 21)

OpenPKG

[OpenPKG-SA-2004.044] OpenPKG Security Advisory (modssl) OpenPKG (Oct 15)
[OpenPKG-SA-2004.048] OpenPKG Security Advisory (squid) OpenPKG (Oct 30)
[OpenPKG-SA-2004.046] OpenPKG Security Advisory (postgresql) OpenPKG (Oct 29)
[OpenPKG-SA-2004.047] OpenPKG Security Advisory (apache) OpenPKG (Oct 29)
[OpenPKG-SA-2004.043] OpenPKG Security Advisory (tiff) OpenPKG (Oct 14)

Paul Kurczaba

Re: [IE 6 SP2] Possible URL Spoofing Paul Kurczaba (Oct 18)

Paul Schmehl

Re: Some Voters Say Machines Failed, Incorrect Choices Appear on Screens (fwd) Paul Schmehl (Oct 28)

Paul Szabo

Eudora 6.2.0.7 attachment spoof Paul Szabo (Oct 15)

Pavel Kankovsky

Re: CAN-2004-0814: Linux terminal layer races Pavel Kankovsky (Oct 25)

Pedro Sanches

Full path disclosure and sql injection on CubeCart 2.0.1 Pedro Sanches (Oct 06)

Peter J. Holzer

Re: Oracle 9i Union Flaw Peter J. Holzer (Oct 04)

Peter Kruse

Rendering large binary file as HTML makes Mozilla Firefox stop responding Peter Kruse (Oct 27)

Phantasmal Phantasmagoria

On Polymorphic Evasion Phantasmal Phantasmagoria (Oct 02)

pigrelax

PTms04-030 pigrelax (Oct 27)

please_reply_to_security

UnixWare 7.1.3up UnixWare 7.1.4 : CUPS before 1.1.21 allows remote attackers to cause a denial of service please_reply_to_security (Oct 12)
UnixWare 7.1.4 UnixWare 7.1.3 : The error handling in the inflate and inflateBack functions in ZLib compression library allows local users to cause a denial of service please_reply_to_security (Oct 19)
UnixWare 7.1.4 : Multiple Vulnerabilities in libpng please_reply_to_security (Oct 12)

Polazzo Justin

RE: Writing Trojans that bypass Windows XP Service Pack 2 Firewall Polazzo Justin (Oct 15)

R00tCr4ck

Multiple Vulnerabilities in CoolPHP R00tCr4ck (Oct 18)

Ramon de Carvalho Valle

MMDF deliver local root exploit for SCO OpenServer 5.0.7 x86 Ramon de Carvalho Valle (Oct 27)

Rene

dwc_articles possible sql injection Rene (Oct 23)

Richard Dawe

Re: libgd integer overflow Richard Dawe (Oct 29)

Richard M. Smith

Is Windows up to snuff for running our world? Richard M. Smith (Oct 22)

Richard Stanway

Multiple Vulnerabilites in Quake II Server Richard Stanway (Oct 27)

Scott T. Cameron

Re: Full path disclosure in PHP Links Scott T. Cameron (Oct 05)

sculptex

Re: Full path disclosure and sql injection on CubeCart 2.0.1 sculptex (Oct 22)

Sebastian Krahmer

SUSE Security Announcement: mozilla (SUSE-SA:2004:036) Sebastian Krahmer (Oct 06)

secure

Re: Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant) secure (Oct 18)
Re: Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant) secure (Oct 20)

security

Bug in hotmail security (Oct 25)

Security Team

Buffer Overflow in Spider game Security Team (Oct 04)

Shannon Eric Peevey

Re: Adobe acrobat / Adobe Reader 6 can read local files Shannon Eric Peevey (Oct 18)

Shawn McMahon

Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes Shawn McMahon (Sep 30)

Simon Zuckerbraun

RE: Writing Trojans that bypass Windows XP Service Pack 2 Firewall Simon Zuckerbraun (Oct 18)

Sinan Eren

ms04-031 pre-auth ?? Sinan Eren (Oct 18)

Solar Designer

Re: cdrecord local root exploit Solar Designer (Oct 02)

Some One

Format String Vulnerability in Valve's CS-Source Some One (Oct 13)
UPDATE: Format String Vulnerability in Valve's CS-Source Some One (Oct 14)
Re: Format String Vulnerability in Valve's CS-Source Some One (Oct 18)

Sowhat .

Mutiple AntiVirus Reserved Device Name Handling Vulnerability Sowhat . (Oct 18)
Multiple AntiVirus Reserved Device Name Handling Vulnerability Sowhat . (Oct 19)

Spy Hat

Hack Dot AE Spy Hat (Oct 22)

Steve Kemp

Re: Buffer Overflow in Spider game Steve Kemp (Oct 04)

Steven

AOL Journals BlogID incrementing discloses account names and e-mail Steven (Oct 22)
Windows DoS in certain pGina configurations Steven (Oct 22)
Multiple Cross Site Scripting Vulnerabilities in FuseTalk steven (Oct 15)

Sune Kloppenborg Jeppesen

[ GLSA 200410-29 ] PuTTY: Pre-authentication buffer overflow Sune Kloppenborg Jeppesen (Oct 27)

SysAdminKC

Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory SysAdminKC (Oct 18)

Tarragon Allen

Re: debian dhcpd, old format string bug Tarragon Allen (Oct 28)

Thierry Carrez

[ GLSA 200410-02 ] Netpbm: Multiple temporary file issues Thierry Carrez (Oct 04)
[ GLSA 200410-13 ] BNC: Input validation flaw Thierry Carrez (Oct 15)
[ GLSA 200410-11 ] tiff: Buffer overflows in image decoding Thierry Carrez (Oct 13)
[ GLSA 200410-22 ] MySQL: Multiple vulnerabilities Thierry Carrez (Oct 26)
[ GLSA 200410-14 ] phpMyAdmin: Vulnerability in MIME-based transformation system Thierry Carrez (Oct 18)
[ GLSA 200410-28 ] rssh: Format string vulnerability Thierry Carrez (Oct 28)
[ GLSA 200410-24 ] MIT krb5: Insecure temporary file use in send-pr.sh Thierry Carrez (Oct 26)
[ GLSA 200410-30 ] GPdf, KPDF, KOffice: Vulnerabilities in included xpdf Thierry Carrez (Oct 28)
[ GLSA 200410-31 ] Archive::Zip: Virus detection evasion Thierry Carrez (Oct 29)
[ GLSA 200410-01 ] sharutils: Buffer overflows in shar.c and unshar.c Thierry Carrez (Oct 01)

Thomas Biege

SUSE Security Announcement: xpdf, gpdf, kpdf, pdftohtml, cups (SUSE-SA:2004:039) Thomas Biege (Oct 26)
SUSE Security Announcement: samba (SUSE-SA:2004:035) Thomas Biege (Oct 05)

Thor

Re: Is Windows up to snuff for running our world? Thor (Oct 25)

Thor Larholm

RE: How to Break Windows XP SP2 + Internet Explorer 6 SP2 Thor Larholm (Oct 20)

Tiago Halm

IISShield and ASP.NET canonicalization Tiago Halm (Oct 18)

Tim Newsham

RE: Update: Web browsers - a mini-farce (MSIE gives in) Tim Newsham (Oct 29)
RE: Update: Web browsers - a mini-farce (MSIE gives in) Tim Newsham (Oct 29)

Trustix Security Advisor

TSLSA-2004-0051 - samba Trustix Security Advisor (Oct 01)
TSLSA-2004-0054 - multi Trustix Security Advisor (Oct 15)
TSLSA-2004-0053 - cyrus-sasl Trustix Security Advisor (Oct 08)

Valdis . Kletnieks

Re: Update: Web browsers - a mini-farce (MSIE gives in) Valdis . Kletnieks (Oct 29)
Re: Update: Web browsers - a mini-farce (MSIE gives in) Valdis . Kletnieks (Oct 27)
Re: Some Voters Say Machines Failed, Incorrect Choices Appear on Screens (fwd) Valdis . Kletnieks (Oct 26)
Re: Update: Web browsers - a mini-farce (MSIE gives in) Valdis . Kletnieks (Oct 27)
Re: Update: Web browsers - a mini-farce (MSIE gives in) Valdis . Kletnieks (Oct 28)

vallez

avoiding stackguard vallez (Oct 19)

van Helsing

Re: Buffer Overflow in Spider game van Helsing (Oct 05)

vuln

[HV-MED] UPDATE: RIM Blackberry DoS, data loss vuln (Oct 14)
[HV-HIGH] MS Word multiple exceptions, at least one exploitable vuln (Oct 07)
[HV-HIGH] RIM Blackberry buffer overflow, DoS, data loss vuln (Oct 13)
[HV-LOW] Unsafe WAV header handling can cause DoS on Windows vuln (Oct 22)

Walton, John Michael (John)

FW: problem in voip environment Walton, John Michael (John) (Oct 12)

webhelp

Hi webhelp (Oct 06)

wirepair

Re: [VulnWatch] CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities wirepair (Oct 15)

Yves Goergen

Re: Multiple vulnerabilities in BlackBoard Yves Goergen (Oct 06)

Zero_X www . lobnan . de Team

apexec.pl is still vulnerable against Directory Traversal. Zero_X www . lobnan . de Team (Oct 18)

Ziots, Edward

Insecure Default Service DACL's in Windows 2003 Ziots, Edward (Oct 12)