Bugtraq: by date

393 messages starting Oct 01 05 and ending Oct 31 05

Saturday, 01 October

[SECURITY] [DSA 836-1] New cfengine2 packages fix arbitrary file overwriting Martin Schulze
MyBloggie 2.1.3beta null char + SQL Injection -> Login Bypass retrogod
[SECURITY] [DSA 835-1] New cfengine packages fix arbitrary file overwriting Martin Schulze
[Information Disclosure] NetForce v4.02 Sends NIS Password Maps with passwords hashes over sendmail bambenek
[SECURITY] [DSA 833-1] New mysql-dfsg-4.1 packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 834-1] New prozilla packages fix arbitrary code execution Martin Schulze
Security Advisory for Bugzilla 2.18.3, 2.20rc2, and 2.21 mkanat

Monday, 03 October

RE: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides Lachniet, Mark
[SECURITY] [DSA 837-1] New Mozilla Firefox packages fix denial of service Martin Schulze
[SECURITY] [DSA 838-1] New mozilla-firefox packages fox multiple vulnerabilities Michael Stone
Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides Jason Coombs
Re: Online Dating Software by AEwebworks - aeDating Script <= 4.0 Version Vulnerability security
Trillian remote crashable philipp
Kaspersky Antivirus Remote Heap Overflow list
RE: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides L. Adrian Griffis
MDKSA-2005:171 - Updated kernel packages fix multiple vulnerabilities Mandriva Security Team

Tuesday, 04 October

[SECURITY] [DSA 840-1] New drupal packages fix remote command execution Martin Schulze
[SECURITY] [DSA 842-1] New egroupware packages fix arbitrary code execution Martin Schulze
Call for Papers - DIMVA 2006 Thomas Biege
[SECURITY] [DSA 839-1] New apachetop packages fix insecure temporary file Martin Schulze
Advisory: WZCS vulnerabilities donctl
RE: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides dave kleiman
RE: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides Neil Dickey
Re: Careless Law Enforcement Computer Forensics Lacking InfoSec Expertise Causes Suicides Stefano Zanero
[ GLSA 200510-01 ] gtkdiskfree: Insecure temporary file creation Thierry Carrez
[USN-155-3] Fixed mozilla locale packages Martin Pitt
[USN-193-1] dia vulnerability Martin Pitt
[ GLSA 200510-02 ] Berkeley MPEG Tools: Multiple insecure temporary files Thierry Carrez
[security bulletin] SSRT051041 rev.0 - HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS) security-alert
[SECURITY] [DSA 833-2] New mysql-dfsg-4.1 package fixes arbitrary code execution Martin Schulze
[ GLSA 200510-03 ] Uim: Privilege escalation vulnerability Sune Kloppenborg Jeppesen
A common researcher diagnosis error: misreading error messages Steven M. Christey
[security bulletin] SSRT051040 rev.0 - HP-UX Mozilla Remote Unauthorized Execution of Privileged Code security-alert
[security bulletin] SSRT5940 rev.2 - HP-UX Mozilla remote, unauthorized user may execute privileged code security-alert
[security bulletin] SSRT051030 rev.1 - HP OpenView Event Correlation Services (OV ECS) Remote Unauthorized Privileged Access security-alert
[security bulletin] SSRT051023 rev.5 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access security-alert

Wednesday, 05 October

[ GLSA 200510-04 ] Texinfo: Insecure temporary file creation Thierry Carrez
iDEFENSE Security Advisory 10.04.05: UW-IMAP Netmailbox Name Parsing Buffer Overflow Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 10.04.05: Symantec AntiVirus Scan Engine Web Service Buffer Overflow Vulnerability iDEFENSE Labs
RE: iDEFENSE Security Advisory 10.04.05: Symantec AntiVirus Scan Engine Web Service Buffer Overflow Vulnerability iDEFENSE Labs
[SECURITY] [DSA 843-1] New arc packages fix insecure temporary files Martin Schulze
RE: Advisory: WZCS vulnerabilities Brian J. Bartlett
Patches available for critical flaws in HP Openview NGSSoftware Insight Security Research
[SECURITY] [DSA 844-1] New mod-auth-shadow packages fix authentication bypass Martin Schulze
Some new whitepapers ... David Litchfield
Secunia Research: ALZip Multiple Archive Handling Buffer Overflow Secunia Research
PAKCON II: Call for Paper (CfP), Final Call! Ayaz Ahmed Khan

Thursday, 06 October

Announcement : Core Banking Application Security List Lila Buchalski
RE: Some new whitepapers ... Lila Buchalski
Planet Technology Corp FGSW2402RS switch default password / "backdoor" lms
[security bulletin] SSRT4743, SSRT4884 rev.1 - HP Tru64 UNIX TCP/IP remote Denial of Service (DoS) security-alert
Secunia Research: PHP-Fusion Two SQL Injection Vulnerabilities Secunia Research
Secunia Research: Webroot Desktop Firewall Two Vulnerabilities Secunia Research
WASC Threat Classification in 4 languages contact
[security bulletin] SSRT051004 rev.1 - HP-UX Java Runtime Environment (JRE) Untrusted Applet Elevates Privilege security-alert
aspReady FAQ - open for SQL-injections preben
Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers David Litchfield
[ GLSA 200510-06 ] Dia: Arbitrary code execution through SVG import Sune Kloppenborg Jeppesen
High Risk Vulnerability in Sun Directory Server NGSSoftware Insight Security Research
[SECURITY] [DSA 845-1] New mason packages fix missing init script Martin Schulze
Re: Some new whitepapers ... Jerome Athias
[ GLSA 200510-05 ] Ruby: Security bypass vulnerability Sune Kloppenborg Jeppesen
[USN-194-1] texinfo vulnerability Martin Pitt
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Rainer Duffner
xloadimage buffer overflow. Ariel Berkman
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers David Litchfield
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Cesar
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Rainer Duffner

Friday, 07 October

[SECURITY] [DSA 846-1] New cpio packages fix several vulnerabilities Martin Schulze
[security bulletin] SSRT051043 rev.0 - Apache Remote Unauthorized access security-alert
[security bulletin] SSRT051003 rev.1 - HP-UX Java Web Start remote unauthorized privileged access security-alert
Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB ak
Plaintext Password Vulnerabilitiy during Installation of Oracle HTMLDB ak
Cross-Site-Scripting Vulnerability in Oracle iSQL*Plus ak
Cross-Site-Scripting Vulnerability in Oracle XMLDB ak
Shutdown TNS Listener via Oracle iSQL*Plus ak
Shutdown TNS Listener via Oracle Forms Servlet ak
MDKSA-2005:172 - Updated openssh packages fix GSSAPI credentials vulnerability Mandriva Security Team
MDKSA-2005:173 - Updated mozilla-firefox packages fix vulnerabilities Mandriva Security Team
MDKSA-2005:174 - Updated mozilla-thunderbird packages fix multiple vulnerabilities Mandriva Security Team
MDKSA-2005:175 - Updated texinfo packages fix temporary file vulnerability Mandriva Security Team
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Gadi Evron
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers David Litchfield
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Gadi Evron
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers David Litchfield
Re: Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers ak
Aenovo Multiple Vulnerabilities advisory
[ GLSA 200510-07 ] RealPlayer, Helix Player: Format string vulnerability Thierry Carrez
Re: [Dailydave] Security contact for ... security curmudgeon
MailEnable W3C Logging Remote Buffer Overflow Proof of Concept advisory
Utopia News Pro 1.1.3 SQL Injection / cross site scripting retrogod
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Ivan .
Re: Security contact for ... Williams, James K
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Radoslav Dejanović

Saturday, 08 October

[ GLSA 200510-09 ] Weex: Format string vulnerability Sune Kloppenborg Jeppesen
[ GLSA 200510-08 ] xine-lib: Format string vulnerability Sune Kloppenborg Jeppesen
[SECURITY] [DSA 849-1] New shorewall packages fix firewall bypass Martin Schulze
[SECURITY] [DSA 848-1] New masqmail packages fix several vulnerabilities Martin Schulze
[SECURITY] [DSA 847-1] New dia packages fix arbitrary code execution Martin Schulze
Cyphor 0.19 SQL Injection / Board takeover / cross site scripting retrogod
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Tony Jambu
Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers Kurt Seifried
MDKSA-2005:177 - Updated hylafax packages fix temporary file vulnerability Mandriva Security Team
MDKSA-2005:176 - Updated webmin package fixes authentication bypass vulnerability Mandriva Security Team
gnome-pty-helper writes arbitrary utmp records Paul Szabo
Antivirus detection bypass by special crafted archive. unsecure

Monday, 10 October

[USN-196-1] Xine library vulnerability Martin Pitt
[USN-198-1] cfengine vulnerabilities Martin Pitt
[USN-197-1] Shorewall vulnerability Martin Pitt
[USN-199-1] Linux kernel vulnerabilities Martin Pitt
[USN-195-1] Ruby vulnerability Martin Pitt

Tuesday, 11 October

CodeCon 2006 Call For Papers Len Sassaman
[EEYEB20050803] - Windows UMPNPMGR wsprintfW Stack Buffer Overflow Vulnerability Advisories
[EEYEB20050915] - MDT2DD.DLL COM Object Uninitialized Heap Memory Vulnerability Advisories
[EEYEB20050708] Microsoft Distributed Transaction Coordinator Memory Modification Vulnerability Advisories
[EEYEB20050510] - Microsoft DirectShow Remote Code Vulnerability Advisories
iDEFENSE Security Advisory 10.11.05: Microsoft Distributed Transaction Controller TIP DoS Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 10.11.05: Microsoft Distributed Transaction Controller Packet Relay DoS Vulnerability iDEFENSE Labs
The Malloc Maleficarum Phantasmal Phantasmagoria
Secunia Research: WinRAR Format String and Buffer Overflow Vulnerabilities Secunia Research
[KDE Security Advisory] KOffice/KWord RTF import buffer overflow Dirk Mueller
XSS vulnerability in Zeroblog alireza hassani
FreeBSD Security Advisory FreeBSD-SA-05:21.openssl FreeBSD Security Advisories
[SECURITY] [DSA 862-1] New Ruby 1.6 packages fix safety bypass Martin Schulze
[SECURITY] [DSA 861-1] New uw-imap packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 860-1] New Ruby packages fix safety bypass Martin Schulze
versatileBulletinBoard V1.0.0 RC2 (possibly prior versions) multiple SQL injection vulnerabilities / login bypass / board takeover rgod
iDEFENSE Security Advisory 10.10.05: Kaspersky Anti-Virus Engine CHM File Parser Buffer Overflow Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 10.10.05: SGI IRIX runpriv Design Error Vulnerability iDEFENSE Labs
[SECURITY] [DSA 859-1] New xli packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 858-1] New xloadimage packages fix arbitrary code execution Martin Schulze
[SECURITYREASON.COM] phpMyAdmin Local file inclusion 2.6.4-pl1 max
PullThePlug Contest: Call For Papers announcements
Re: Opinion: Complete failure of Oracle security response and utter neglect of t Silent / Saracoth
[SECURITY] [DSA 857-1] New graphviz packages fix insecure temporary file Martin Schulze
[SECURITY] [DSA 856-1] New py2play packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 855-1] New weex packages fix arbitrary code execution Martin Schulze
Announcement: The Web Application Firewall Evaluation Criteria v1 contact
[SECURITY] [DSA 854-1] New tcpdump packages fix denial of service Martin Schulze
[SECURITY] [DSA 853-1] New ethereal packages fix several vulnerabilities Martin Schulze
[SECURITY] [DSA 852-1] New up-imapproxy packages fix arbitrary code execution Martin Schulze
[SECURITY] [DSA 851-1] New openvpn packages fix denial of service Martin Schulze
[SECURITY] [DSA 850-1] New tcpdump packages fix denial of service Martin Schulze
[USN-200-1] Thunderbird vulnerabilities Martin Pitt

Wednesday, 12 October

[ GLSA 200510-10 ] uw-imap: Remote buffer overflow Thierry Carrez
using php local file include vulnerabilities for command execution Andreas Zeidler
MDKSA-2005:180 - Updated xine-lib packages fixes cddb vulnerability Mandriva Security Team
MDKSA-2005:178 - Updated squirrelmail packages fixes XSS vulberability Mandriva Security Team
MDKSA-2005:179 - Updated openssl packages fix vulnerabilities Mandriva Security Team
Re: using php local file include vulnerabilities for command execution Andreas Zeidler
[USN-202-1] KOffice vulnerability Martin Pitt
[SECURITY] [DSA 863-1] New xine-lib packages fix arbitrary code execution Martin Schulze
[ GLSA 200510-11 ] OpenSSL: SSL 2.0 protocol rollback Thierry Carrez
[SEC-1 Advisory] GFI MailSecurity 8.1 Web Module Buffer Overflow Gary Oleary-Steele
[USN-201-1] SqWebmail vulnerabilities Martin Pitt
MDKSA-2005:181 - Updated squid packages fix vulnerabilities Mandriva Security Team
Linux Orinoco drivers information leakage Meder Kydyraliev
Re: [SECURITYREASON.COM] phpMyAdmin Local file inclusion 2.6.4-pl1 Andreas Zeidler
Research for network security news article lgreenem
[SEC-1 Advisory] Collaboration Data Objects Buffer Overflow Vulnerability Gary Oleary-Steele
VERITAS NetBackup: Java User-Interface, format string vulnerability secure
Re: VoIP-Phones: Weakness in proccessing SIP-Notify-Messages Tobias Glemser
ZDI-05-001: VERITAS NetBackup Remote Code Execution zdi-disclosures
Secunia Research: Novell NetMail NMAP Agent "USER" Buffer Overflow Vulnerability Secunia Research

Thursday, 13 October

[SECURITY] [DSA 865-1] New hylafax packages fix insecure temporary files Martin Schulze
[SECURITY] [DSA 864-1] New Ruby 1.8 packages fix safety bypass Martin Schulze
Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service Piotr Bania
Yapig: XSS / Code Injection Vulnerability enji
[USN-203-1] Abiword vulnerabilities Martin Pitt
Secunia Research: AhnLab V3 Antivirus ALZ/UUE/XXE Archive Handling Buffer Overflow Secunia Research
[security bulletin] SSRT051041 rev.1 - HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS) security-alert
[security bulletin] SSRT5975 HP-UX Running on Itanium Platforms Local Denial of Service (DoS) Security Alert
iDEFENSE Security Advisory 10.13.05: Multiple Vendor XMail 'sendmail' Recipient Buffer Overflow Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 10.13.05: Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability iDEFENSE Labs

Friday, 14 October

[USN-205-1] Curl and wget vulnerabilities Martin Pitt
Re: Antivirus detection bypass by special crafted archive. Williams, James K
RTasarim WebAdmin modul SQL injection khc
Google Talk cleartext proxy credentials vulnerability m123303
MDKSA-2005:182 - Updated curl packages fix NTLM authentication vulnerability Mandriva Security Team
Airscanner Mobile Security Advisory #05101001: iTunes Shared Music Denial of Service/Spoofing/Flooding/Abuse Seth Fogie
MDKSA-2005:183 - Updated wget packages fix NTLM authentication vulnerability Mandriva Security Team
Gallery 2.x Remote File Access Vulnerability Bharat Mediratta
CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability Williams, James K
Trusted Digital, Trusted Mobility Suite Authorization Bypass Vulnerability none
[ GLSA 200510-12 ] KOffice, KWord: RTF import buffer overflow Sune Kloppenborg Jeppesen
[USN-204-1] SSL library vulnerability Martin Pitt
MDKSA-2005:184 - Updated cfengine packages fix temporary file vulnerabilities Mandriva Security Team

Saturday, 15 October

[KAPDA::#6] Punbb SQL Injection Vulnerability advisory
Security Contacr for Mycall Fixer
[ GLSA 200510-13 ] SPE: Insecure file permissions Thierry Carrez
MDKSA-2005:185 - Updated koffice packages fix KWord RTF import overflow vulnerability Mandriva Security Team
Re: Google Talk cleartext proxy credentials vulnerability 3APA3A

Monday, 17 October

[ GLSA 200510-14 ] Perl, Qt-UnixODBC, CMake: RUNPATH issues Thierry Carrez
[USN-206-1] Lynx vulnerability Martin Pitt
[USN-208-1] SSH server vulnerability Martin Pitt
[USN-207-1] PHP vulnerability Martin Pitt
[USN-208-1] graphviz vulnerability Martin Pitt
Exploiting Windows Device Drivers Whitepaper Piotr Bania
Ciscos VPN-Client-Passwords can be decrypted Thierry Zoller
Yahoo RSS XSS Vulnerability (Correction) alljer
SUSE Security Announcement: OpenWBEM (SUSE-SA:2005:060) Sebastian Krahmer
ie7 will have more mechanisms liudieyu
flexbackup default config insecure temporary file creation ZATAZ Audits
[OpenPKG-SA-2005.022] OpenPKG Security Advisory (openssl) OpenPKG
Lynx Remote Buffer Overflow Ulf Harnhammar
Yahoo RSS XSS Vulnerability alljer
PHP local safedir restriction bypass slythers
[ GLSA 200510-15 ] Lynx: Buffer overflow in NNTP processing Sune Kloppenborg Jeppesen
[ GLSA 200510-16 ] phpMyAdmin: Local file inclusion vulnerability Sune Kloppenborg Jeppesen
Re: Aenovo Multiple Vulnerabilities (Patch) ali202
winrar 3.50 Exploit edward11

Tuesday, 18 October

[USN-210-1] netpbm vulnerability Martin Pitt
Re: [Full-disclosure] [USN-208-1] SSH server vulnerability Martin Pitt
Secunia Research: MySource Cross-Site Scripting and File Inclusion Vulnerabilities Secunia Research
Re: [Full-disclosure] Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service Paul Laudanski
SECURECon 2006 Call for papers! Will Belcher
MDKSA-2005:186 - Updated lynx packages fix remote buffer overflow Mandriva Security Team
Re: [Full-disclosure] Ciscos VPN-Client-Passwords can be decrypted Clayton Kossmeyer
e107 remote commands execution retrogod
NetFlow Analyzer 4 XSS Vulnerability why
Windows host based firewall tester Tim
Linksys WRT54G/S Directory Traversal Shell
Re: [KAPDA::#6] Punbb SQL Injection Vulnerability arpen
Re: Require many large corporate emails for contact regarding vulnerability. dcrab
Multiple Critical and High Vulnerabilities in Oracle Database Server NGSSoftware Insight Security Research

Wednesday, 19 October

Revision: Multiple Critical and High Vulnerabilities in Oracle Database Server David Litchfield
Metasploit Framework v2.5 H D Moore
SUSE Security Announcement: openSSL protocol downgrade attack (SUSE-SA:2005:061) Marcus Meissner
Re: [KAPDA::#6] Punbb SQL Injection Vulnerability alireza hassani
SecurityAlert SA025 : PHPNuke Remote Directory Traversal sp3x
Re: Windows host based firewall tester Morten Torstensen
cacam_logsecurity_win32 exploit published on 20051018 by Metasploit Williams, James K
Cisco Security Advisory:Cisco 11500 Content Services Switch SSL Malformed Client Certificate Vulnerability Cisco Systems Product Security Incident Response Team

Thursday, 20 October

[security bulletin] SSRT051052 rev.0 - HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE) Remote Privileged Access security-alert
[SECURITY] [DSA 868-1] New Mozilla Thunderbird packages fix several vulnerabilities Martin Schulze
RE: CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability Williams, James K
XSS & Path Disclosure in Chipmunk's products alireza hassani
Oracle 10g - emagent.exe Stack-Based Overflow SPI Labs
[SECURITY] [DSA 866-1] New Mozilla packages fix several vulnerabilities Martin Schulze
Oracle Workflow CSS Vulnerability wf_monitor ak
[SECURITY] [DSA 867-1] New module-assistant package fixes insecure temporary file Martin Schulze
Oracle Workflow CSS Vulnerability wf_route ak
Vulnerabilities in Oracle E-Business Suite 11i - Critical Patch Update October 2005 Integrigy Security
[ GLSA 200510-17 ] AbiWord: New RTF import buffer overflows Thierry Carrez
[ GLSA 200510-18 ] Netpbm: Buffer overflow in pnmtopng Thierry Carrez
[USN-211-1] Enigmail vulnerability Martin Pitt

Friday, 21 October

iDEFENSE Security Advisory 10.20.05: Multiple Vendor Ethereal srvloc Buffer Overflow Vulnerability iDEFENSE Labs
iDEFENSE Security Advisory 10.20.05: Symantec Norton AntiVirus LiveUpdate Local Privilege Escalation iDEFENSE Labs
iDEFENSE Security Advisory 10.20.05: Symantec Norton AntiVirus DiskMountNotify Local Privilege Escalation iDEFENSE Labs
[Argeniss] Story of a dumb patch (Paper advisoryabout CSRSS and Windows Explorer vulnerabilities) Cesar
UnixWare 7.1.4 UnixWare 7.1.3 : ppp buffer overflow please_reply_to_security
OpenServer 5.0.7 : authsh and backupsh buffer overflow please_reply_to_security
F.E.A.R. 1.01 likes lithsock Luigi Auriemma
[SECURITY] [DSA 869-1] New eric packages fix arbitrary code execution Martin Schulze
Nuked klan 1.7: XSS vulnerability papipsycho
MDKSA-2005:187 - Updated dia packages fix python SVG import vulnerability. Mandriva Security Team
MDKSA-2005:188 - Updated graphviz packages fix temporary file vulnerability. Mandriva Security Team
MDKSA-2005:189 - Updated imap packages fix buffer overflow vulnerabilities. Mandriva Security Team
MDKSA-2005:190 - Updated nss_ldap/pam_ldap packages fix privilege vulnerabilities. Mandriva Security Team
MDKSA-2005:191 - Updated ruby packages fix safe level and taint flag protections vulnerability Mandriva Security Team
MDKSA-2005:192 - Updated xli packages fix buffer overflow vulnerabilities. Mandriva Security Team
[SNS Advisory No.84] Oracle Application Server HTTP Response Splitting Vulnerability snsadv
Secunia Research: ZipGenius Multiple Archive Handling Buffer Overflow Secunia Research
SEC-CONSULT-SA-20051021-0: Yahoo/MSIE XSS Bernhard Mueller
[security bulletin] SSRT051052 rev.1 - HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE) Remote Privileged Access security-alert
Windows UMPNPMGR wsprintfW Stack Buffer Overflow Vulnerability PoC ppwd25

Monday, 24 October

phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. alphakgen
PhpNuke 7.8 with all security fixes/patches "Your_Account", "Downloads", "Web Links" SQL Injection / Remote commans execution retrogod
DBoardGear SQL Injection almaster
SUSE Security Announcement: permissions (SUSE-SA:2005:062) Ludwig Nussel
DCP - portal XSS & SQL attacks alex
Remote File Inclusion in forum PunBB rod hedor
Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability Stefan Esser
TSLSA-2005-0059 - multi Trustix Security Advisor
Insecure Temporary Files in BMC/Control-M Agent Scott Cromar
Nuked klan 1.7: Bypassed level admin on forum(corrected) papipsycho
[security bulletin] SSRT051055 rev.0 - HP Oracle for OpenView (OfO) Critical Patch Update October 2005 security-alert
Revised draft on ICMP attacks Fernando Gont
Possible Bug in PHP-Fusion 6.0.204 peanut
aRCHILLES Newsworld < 1.5.0-rc1 Multiple Vulnerabilities chburchert
[KAPDA::#8] Domain Manager Pro Vulnerability advisory
SQL saphp Lesson almaster
File Including In FLAT NUKE abducter_minds
Zomplog Script Injection Vulnerability =>3.4 (all versions vulnerable) sikikmail
php < 4.4.1 htaccess apache dos Eric Romang / ZATAZ.com
Nuked klan 1.7: Remote Exploit papipsycho
Nuked klan 1.7: SQL vulnerability papipsycho
Flat Nuke Cross Site Scripting alex

Tuesday, 25 October

iDEFENSE Security Advisory 10.24.05: SCO Openserver backupsh 'Home' Buffer Overflow Vulnerability iDEFENSE Labs
PHP iCalendar CSS ascii
[SECURITY] [DSA 871-1] New libgda2 packages fix arbitrary code execution Martin Schulze
DboardGear - uncorrect import themes (SQL-inject) poizon
Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through Andrey Bayora
Skype security advisory . EADS CCR DCR/STI/C
[ GLSA 200510-19 ] cURL: NTLM username stack overflow Thierry Carrez
[ GLSA 200510-20 ] Zope: File inclusion through RestructuredText Thierry Carrez
[ GLSA 200510-21 ] phpMyAdmin: Local file inclusion and XSS vulnerabilities Thierry Carrez
[SNS Advisory No.85] XOOPS Multiple Cross-site Scripting Vulnerabilities snsadv
[SECURITY] [DSA 870-1] New sudo packages fix arbitrary command execution Martin Schulze
iDEFENSE Security Advisory 10.24.05: SCO Unixware Setuid ppp prompt Buffer Overflow Vulnerability iDEFENSE Labs
RE: Possible Bug in PHP-Fusion 6.0.204 Paul
Mozilla Thunderbird SMTP down-negotiation weakness Thomas Henlich
Network Appliance iSCSI Authentication Bypass advisories
[SECURITY] [DSA 871-2] New libgda2 packages fix arbitrary code execution Martin Schulze
SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability Bernhard Mueller
SEC-Consult SA 20051025-1 :: RSA ACE Web Agent XSS Bernhard Mueller
iDEFENSE Security Advisory 10.24.05: SCO Openserver authsh 'Home' Buffer Overflow Vulnerability iDEFENSE Labs
SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all versions vulnerable) sikikmail

Wednesday, 26 October

Looking for security contacts at Sony and Lenovo (FKA IBM) Richard M. Smith
[SECURITY] [DSA 548-2] New imlib packages fix arbitrary code execution Martin Schulze
MDKSA-2005:193 - Updated ethereal packages fix multiple vulnerabilities Mandriva Security Team
Looking for a security contact at Macrovision/InstallShield Richard M. Smith
Re: Mozilla Thunderbird SMTP down-negotiation weakness Jason Haar
Secunia Research: Mantis "t_core_path" File Inclusion Vulnerability Secunia Research
Woltlab Burning Board info_db.php multiple SQL injection admin
SQL-Injection in MyBulletinBoard allows attacker to become a board admin. Animal
phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Paul Laudanski
[SECURITY] [DSA 873-1] New net-snmp packages fix denial of service Martin Schulze
[KAPDA::#9] Techno Dreams Scripts Vulnerabilities advisory
Re: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte Andrey Bayora
Re: Mozilla Thunderbird SMTP down-negotiation weakness Tony Finch
Update for the magic byte bug Andrey Bayora
MDKSA-2005:197 - Updated unzip packages fix suid, permissions vulnerabilities. Mandriva Security Team
MDKSA-2005:193-1 - Updated ethereal packages fix multiple vulnerabilities Mandriva Security Team
Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through Andrey Bayora
MDKSA-2005:198 - Updated uim packages fix suid linking vulnerabilities. Mandriva Security Team
MDKSA-2005:195 - Updated squid packages fix vulnerabilities Mandriva Security Team
MDKSA-2005:186-1 - Updated lynx packages fix remote buffer overflow Mandriva Security Team
Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through Andreas Marx
MDKSA-2005:194 - Updated php-imap packages fix buffer overflow vulnerabilities. Mandriva Security Team
MDKSA-2005:196 - Updated perl-Compress-Zlib packages fix vulnerabilities Mandriva Security Team
[SECURITY] [DSA 872-1] New koffice packages fix arbitrary code execution Martin Schulze
PHP-Nuke Cross-Site Scripting Vulnerability bhfh01
RE: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte Debasis Mohanty
MDKSA-2005:199 - Updated netpbm packages fix pnmtopng vulnerabilities Mandriva Security Team

Thursday, 27 October

[SECURITY] [DSA 874-1] New lynx packages fix arbitrary code execution Martin Schulze
fetchmail security announcement 2005-02 (CVE-2005-3088) ma+nomail
[SECURITY] [DSA 875-1] New OpenSSL packages fix cryptographic weakness Martin Schulze
[SECURITY] [DSA 876-1] New lynx-ssl packages fix arbitrary code execution Martin Schulze
Secunia Research: ATutor Multiple Vulnerabilities Secunia Research
[CIRT.DK] - Novell ZENworks Patch Management Server 6.0.0.52 - SQL injection CIRT.DK Advisory

Friday, 28 October

[SECURITY] [DSA 878-1] New netpbm-free packages fix arbitrary code execution Martin Schulze
[ GLSA 200510-23 ] TikiWiki: XSS vulnerability Thierry Carrez
MDKSA-2005:201 - Updated sudo packages fix vulnerability Mandriva Security Team
[ GLSA 200510-22 ] SELinux PAM: Local password guessing attack Thierry Carrez
[SECURITY] [DSA 877-1] New gnump3d packages fix several vulnerabilities Martin Schulze
MDKSA-2005:200 - Updated apache-mod_auth_shadow packages fix security restriction bypass issues. Mandriva Security Team
[ GLSA 200510-24 ] Mantis: Multiple vulnerabilities Thierry Carrez
iDefense Security Advisory 10.28.05: Multiple Vendor chmlib CHM File Handling Buffer Overflow Vulnerability iDEFENSE Labs
Re: [ GLSA 200510-23 ] TikiWiki: XSS vulnerability Thierry Carrez
Re: [ GLSA 200510-23 ] TikiWiki: XSS vulnerability dave canuck
File Including In PBLang abducter_minds
Multiple vulnerabilities within RockLiffe MailSite Express WebMail Paul Craig

Saturday, 29 October

Remote File Inclusion in vCard :) [AT]
Re: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte Andrey Bayora
Re: Mozilla Thunderbird SMTP down-negotiation weakness Bob Beck
Re: Mozilla Thunderbird SMTP down-negotiation weakness Jason Haar
Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through Dave English
Remote MySQL User on Cpanel Default installation with blank password sup3r_linux
Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Paul Laudanski
Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through forged magic byte Williams, James K
Re: [Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability Florian Weimer
Re: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Tatercrispies
Re: [Full-disclosure] SEC-Consult SA 20051025-0 :: Snoopy Remote Code Execution Vulnerability SEC Consult Research
Re: [Full-disclosure] Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Nicob
Re: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte Eygene A. Ryabinkin
Re: Network Appliance iSCSI Authentication Bypass Steve Shockley
Re: [Full-disclosure] Multiple Vendor Anti-Virus Software DetectionEvasion Vulnerability through forged magic byte Bipin Gautam
Re: Network Appliance iSCSI Authentication Bypass steve . shockley
Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through mgotts
Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through Andrey Bayora
Re: Remote File Inclusion in forum PunBB arpen
Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images preben
Mirabilis ICQ 2003a Buffer Overflow Download Shellcoded Exploit atmaca
uplod phpshell in PHP Advanced Transfer Manager sQl
Trend Micro's Response to the Magic Byte Bug Auri Rahimzadeh

Monday, 31 October

[USN-206-2] Fixed lynx packages for USN-206-1 Martin Pitt
[USN-213-1] sudo vulnerability Martin Pitt
[USN-151-3] zlib vulnerabilities Martin Pitt
[USN-212-1] libgda2 vulnerability Martin Pitt
New List David Ahmad
Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability Stefan Esser
Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str() Stefan Esser
Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo() Stefan Esser
OpenVPN[v2.0.x]: foreign_option() formart string vulnerability. v9
Advisory 17/2005: phpBB Multiple Vulnerabilities Stefan Esser
[ GLSA 200510-26 ] XLI, Xloadimage: Buffer overflow Sune Kloppenborg Jeppesen
[ GLSA 200510-25 ] Ethereal: Multiple vulnerabilities in protocol dissectors Sune Kloppenborg Jeppesen
SQL In Invision Gallery 2.0.3 almaster
mwcollect v3.0.0 Release Georg Wicherski
SQL IN FORUM.PHP ABDUCTER_MINDS
Re: uplod phpshell in PHP Advanced Transfer Manager D_BuG
APPLE-SA-2005-10-31 Mac OS X v10.4.3 noreply