SecurityFocus

DMA[2005-0103a] - 'William LeFebvre "top" format string vulnerability' 2005-01-05
KF (Lists) (kf_lists digitalmunition com)

[ GLSA 200501-03 ] Mozilla, Firefox, Thunderbird: Various vulnerabilities 2005-01-05
Thierry Carrez (koon gentoo org)

[ GLSA 200501-02 ] a2ps: Insecure temporary files handling 2005-01-04
Thierry Carrez (koon gentoo org)

[ GLSA 200501-01 ] LinPopUp: Buffer overflow in message reply 2005-01-04
Thierry Carrez (koon gentoo org)

[ GLSA 200501-04 ] Shoutcast Server: Remote code execution 2005-01-05
Luke Macken (lewk gentoo org)

[CLA-2005:910] Conectiva Security Announcement - mplayer 2005-01-05
Conectiva Updates (secure conectiva com br)

[SECURITY] [DSA 625-1] New pcal packages fix arbitrary code execution 2005-01-05
joey infodrom org (Martin Schulze)

[SECURITY] [DSA 624-1] New zip packages fix arbitrary code execution 2005-01-05
joey infodrom org (Martin Schulze)

QWikiwiki directory traversal vulnerability 2005-01-04
Madelman (madelman iname com)

Socket termination, format string and XSS in Soldner Secret Wars 30830 2005-01-04
Luigi Auriemma (aluigi autistici org)

MyBB SQL Injection 2005-01-05
scottm spamcop net

[KDE Security Advisory] ftp kioslave command injection 2005-01-04
Dirk Mueller (mueller kde org)

[SECURITY] [DSA 623-1] New nasm packages fix arbitrary code execution 2005-01-04
joey infodrom org (Martin Schulze)

Serious Vulnerabilities In PhotoPost ReviewPost 2005-01-03
GulfTech Security (security gulftech org)

Multiple PhotoPost Pro Vulnerabilities 2005-01-03
GulfTech Security (security gulftech org)

3Com 3CDaemon Multiple Vulnerabilities 2005-01-04
Sowhat . (smaillist gmail com)

Multiple Firewall Products Bypass Vulnerability 2005-01-03
Ferruh Mavituna (ferruh mavituna com)

STG Security Advisory: [SSA-20041224-21] File extensions restriction bypass vulnerability in GNUBoard 2005-01-03
advisory stgsecurity com

Multiple Vulnerabilities in FlatNuke 2005-01-02
Pierquinto Manco (pierquinto gmail com)

Remote DoS in GFI MailEssentials due to a bug in Microsoft HTML parser 2005-01-03
Peter Kruse (kruse krusesecurity dk)

[SECURITY] [DSA 622-1] New htmlheadline package fixes insecure temporary files 2005-01-03
joey infodrom org (Martin Schulze)

Two Vulnerabilities in ViewCVS 2005-01-01
Joxean Koret (joxeankoret yahoo es)

Cross Site Scripting Vulnerabilities and Possible Code Executionin SugarCRM 2005-01-01
Joxean Koret (joxeankoret yahoo es)

Various Vulnerabilities in OWL Intranet Engine 2005-01-01
Joxean Koret (joxeankoret yahoo es)

7a69Adv#17 - Internet Explorer FTP download path disclosure 2004-12-30
Albert Puigsech Galicia (ripe 7a69ezine org)

Windows LoadImage API Heapoverflow exploit 2005-01-01
Berend-Jan Wever (skylined edup tudelft nl)

Windows Media files allow opening any url in Internet Explorer 2005-01-01
Berend-Jan Wever (skylined edup tudelft nl)

Jacks FormMail.php remote file access vulnerability 2004-12-31
Hack Hawk (hh hackhawk net)

WHM AutoPilot Security Release [ Plus Upgrade Instructions ] 2004-12-31
GulfTech Security (security gulftech org)

Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC 2004-12-31
Steve Friedl (steve unixwiz net)

Cross Site Scripting DOS (Zyxel B-420 Ethernet Bridge) 2004-12-31
beniwiedmer tiscali ch

[SECURITY] [DSA 621-1] New CUPS packages fix arbitrary code execution 2004-12-31
joey infodrom org (Martin Schulze)

Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC 2004-12-31
Alberto Garcia Hierro (tcpdevil linuxlover org)

ArGoSoft FTP Server reveals valid usernames and allows for brute force attacks 2004-12-31
steven lovebug org

SQL Injection Vulnerability In IBProArcade 2004-12-31
mike bailey (mike ub3r net)

Bluetooth: BlueSnarf and BlueBug Full Disclusore 2004-12-31
Adam Laurie (adam laurie thebunker net)

[EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC 2004-12-30
houseofdabus HOD (houseofdabus inbox ru)

MDKSA-2004:166 - Updated tetex packages fix multiple vulnerabilities 2004-12-30
Mandrake Linux Security Team (security linux-mandrake com)

Re: Multiple Vulnerabilities in Moodle 2004-12-30
Martin Dougiamas (martin moodle com)

MDKSA-2004:162 - Updated gpdf packages fix buffer overflow vulnerability 2004-12-30
Mandrake Linux Security Team (security linux-mandrake com)

Re: Strange Java Loader (not so strange - Trojan.ByteVerify) 2004-12-31
K-OTiK Security (Special-Alerts k-otik com)

MDKSA-2004:165 - Updated koffice packages fix multiple vulnerabilities 2004-12-30
Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2004:163 - Updated kdegraphics packages fix buffer overflow vulnerability 2004-12-30
Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2004:159 - Updated glibc packages fix temporary file vulnerability 2004-12-30
Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2004:164 - Updated cups packages fix buffer overflow vulnerability 2004-12-30
Mandrake Linux Security Team (security linux-mandrake com)

[SECURITY] [DSA 619-1] New xpdf packages fix arbitrary code execution 2004-12-30
joey infodrom org (Martin Schulze)

MDKSA-2004:161 - Updated xpdf packages fix buffer overflow vulnerability 2004-12-30
Mandrake Linux Security Team (security linux-mandrake com)

Re: Sanity Worm Concepts 2004-12-30
Paul Laudanski (zx castlecops com)

MDKSA-2004:160 - Updated kdelibs packages fix konqueror email vulnerability 2004-12-30
Mandrake Linux Security Team (security linux-mandrake com)

Strange Java Loader 2004-12-30
duffbeer (duffbeer gmx net)

[SECURITY] [DSA 620-1] New perl packages fix several vulnerabilities 2004-12-30
joey infodrom org (Martin Schulze)

NetCat V 1.11 Multiple Bugs 2004-12-30
CorryL (corryl80 gmail com)

KorWeblog php injection Vulnerability 2004-12-30
Min-sung Choi (mins fsu or kr)

Heap overflow in Mozilla Browser <= 1.7.3 NNTP code. 2004-12-29
Maurycy Prodeus (z33d isec pl)

[ GLSA 200412-26 ] ViewCVS: Information leak and XSS vulnerabilities 2004-12-28
Thierry Carrez (koon gentoo org)

[ GLSA 200412-25 ] CUPS: Multiple vulnerabilities 2004-12-28
Thierry Carrez (koon gentoo org)

[ GLSA 200412-24 ] Xpdf, GPdf: New integer overflows 2004-12-28
Thierry Carrez (koon gentoo org)

Re: Did a 16-bit counter overflow shut down Comair? 2004-12-29
Avleen Vig (lists-bugtraq silverwraith com)

Sanity Worm Concepts 2004-12-29
Andy Fewtrell (afsec throwaway coldfyre net)

Re: Did a 16-bit counter overflow shut down Comair? 2004-12-29
Mike Nice (niceman att net)

QNX crrtrap arbitrary file read/write vulnerability [RLSA_06-2004] 2004-12-29
Julio Cesar Fort (julio rfdslabs com br)

php-Calendar File Include Vulnerability [ Command Exec ] 2004-12-29
GulfTech Security (security gulftech org)

[CLA-2004:909] Conectiva Security Announcement - netpbm 2004-12-29
Conectiva Updates (secure conectiva com br)

KDE Security Advisory: kpdf Buffer Overflow Vulnerability 2004-12-28
Dirk Mueller (mueller kde org)

Re: Microsoft Windows LoadImage API IntegerBuffer overflow 2004-12-25
Berend-Jan Wever (skylined edup tudelft nl)

Re: [HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc included 2004-12-28
Chris Wysopal (weld vulnwatch org)

XSA-2004-7: stack overflow in AIFF demultiplexer 2004-12-26
Michael Roitzsch (mroi users sourceforge net)

Netcat v1.11 For Windows , New fixed version 2004-12-29
Hat-Squad Security Team (bugtraq hat-squad com)

[HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc included 2004-12-27
Hat-Squad Security Team (bugtraq hat-squad com)

Re: iDEFENSE Security Advisory 12.21.04: libtiff STRIPOFFSETS Integer Overflow Vulnerability 2004-12-27
Marcus Meissner (meissner suse de)

Remote code execution with parameters withoutu ser interaction, even with XP SP2 2004-12-28
ShredderSub7 SecExpert (shreddersub7 hotmail com)

Multiple WHM Autopilot Vulnerabilities 2004-12-28
GulfTech Security (security gulftech org)

Did a 16-bit counter overflow shut down Comair? 2004-12-28
Richard M. Smith (rms computerbytesman com)

possible error in latest NGS realplayer advisory 2004-12-28
Marc Bejarano (bugtraq beej org)

MDKSA-2004:158 - Updated samba packages fix integer overflow vulnerabilities 2004-12-27
Mandrake Linux Security Team (security linux-mandrake com)

Multiple Vulnerabilities in Moodle 2004-12-27
Bartek Nowotarski (silence10 wp pl)

Microsoft Internet Explorer SP2 Fully Automated Remote Compromise 2004-12-25
Paul (paul greyhats cjb net)

Re: New Santy-Worm attacks *all* PHP-skripts ( Santy.c ? ) 2004-12-26
K-OTiK Security (Special-Alerts k-otik com)

Re: Microsoft Windows LoadImage API Integer Buffer overflow 2004-12-25
Brett Glass (brett lariat org)

RE: phpBB Worm 2004-12-25
Chris Ess (securityfocus cae tokimi net)

New Winhlp32.exe vuln 2004-12-24
bad_son pimp it

new phpBB worm affects 2.0.11 2004-12-24
Herman Sheremetyev (herman swebpage com)

CleanCache v2.19: False Sense of Security 2004-12-25
WBG Links (wbglinks gmail com)

New Santy-Worm attacks *all* PHP-skripts 2004-12-25
Juergen Schmidt (ju heisec de)

Re: phpBB Worm 2004-12-25
Zeljko Brajdic (zebrajdi inet hr)

Re: phpBB Worm 2004-12-24
Raymond Dijkxhoorn (raymond prolocation net)

Final Call for Papers & Workshops - BCS Asia 2005 2004-12-24
Anthony.zboralski (bcs2005 bellua com)

XSS in yacy 0.31 2004-12-24
Donato Ferrante (fdonato autistici org)

Re: Inexcusable weakness in Kmail / GnuPG 2004-12-24
Simple Nomad (thegnome nmrc org)

Re: [USN-52-1] vim vulnerability 2004-12-24
Liu Die Yu (liudieyu umbrella name)

STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard 2004-12-24
advisory stgsecurity com

Re: DJB's students release 44 *nix software vulnerability advisories 2004-12-24
daw taverner cs berkeley edu (David Wagner)

Re: DJB's students release 44 *nix software vulnerability advisories 2004-12-24
Crispin Cowan (crispin immunix com)

[SECURITY] [DSA 617-1] New libtiff packages fix arbitrary code execution 2004-12-24
joey infodrom org (Martin Schulze)

Re: phpBB Worm 2004-12-24
steve uptime org uk

[SECURITY] [DSA 618-1] New imlib packages fix arbitrary code execution 2004-12-24
joey infodrom org (Martin Schulze)

raptor's xmas pack 2004 2004-12-22
Marco Ivaldi (raptor 0xdeadbeef info)

Re: possible local exploit via sendmail with procmail on solaris 2004-12-22
Jeff Damens (jdamens ebbets poly edu)

Re: Webmin BruteForce + Command execution - By Di42lo <DiAblo_2 (at) 012.net (dot) il [email concealed]> 2004-12-23
Martin Mewes (mm mewes tv)

[Security Bulletin] SSRT4696 rev.0 - HP Tru64 UNIX TCP Stack Remote Denial of Service (DoS) 2004-12-23
Boren, Rich (SSRT) (rich boren hp com)