- New LSASS-based worm finally here (Sasser)
- [SECURITY] [DSA 500-1] New flim packages fix insecure temporary file creation
- W32/Sasser a and b SNORT Sigs
- PaX Linux Kernel 2.6 Patches DoS Advisory
- [SECURITY] [DSA 499-1] New rsync packages fix directory traversal bug
- EEYE: Apple QuickTime (QuickTime.qts) Heap Overflow
- Crystal Reports Vulnerabilities
- [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine
- X-Chat[v1.8.0-v2.0.8]: socks-5 remote buffer overflow exploit.
- Multible Vulnerabilites in Aldos Webserver
- Serv-U LIST -l Parameter Buffer Overflow
- Vulnerability in YaBB forum (Perl version without SQL)
- [slackware-security] sysklogd update (SSA:2004-124-02)
- [slackware-security] libpng update (SSA:2004-124-04)
- [slackware-security] rsync update (SSA:2004-124-01)
- [slackware-security] xine-lib update (SSA:2004-124-03)
- [product-security@apple.com: APPLE-SA-2004-05-03 Security Update 2004-05-03]
- Re: [Full-Disclosure] Re: New LSASS-based worm finally here (Sasser)
- @stake: AppleFileServer Remote Command Execution
- Sasser worm and Embedded Support Partner (ESP) port 5554/tcp
- remote root exec vulnerability in omail
- SMF SIZE Tag Script Injection Vulnerability
- Vulnerabilities In PHPX 3.26 And Earlier
- UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : apache multiple vulnerabilities, upgraded to apache-
- Re: (HOAX) Dameware Mini Remote Control Version 4.2 ? Weak Key
- Corsaire Security Advisory - Verity Ultraseek path disclosure issue
- Fuse Talk Vunerabilities
- [OpenPKG-SA-2004.019] OpenPKG Security Advisory (kolab)
- [slackware-security] lha update in bin package (SSA:2004-125-01)
- FreeBSD Security Advisory FreeBSD-SA-04:09.kadmind
- FreeBSD Security Advisory FreeBSD-SA-04:08.heimdal
- Titan FTP Server Aborted LIST DoS
- IRIX Networking Security Updates
- [waraxe-2004-SA#027 - Once again - critical vulnerabilities in
- Multiple vulnerabilities in P4DB
- [AppSecInc Security Alert] Microsoft Active Server Pages Cookie Retrieval Issue
- [0xbadc0ded #03] DeleGate (SSL-filter) <= 8.9.2
- Advisory: Heimdal kadmind version4 remote heap overflow
- Will a smart worm be made in the near future?
- [SECURITY] [DSA 501-1] New exim packages fix buffer overflows
- Security issue with Trend OfficeScan Corporate Edition
- Windows IPSec Vulnerabilty
- [CLA-2004:840] Conectiva Security Announcement - lha
- Remote DoS IE Memory Access Violation
- Fwd: [Re: cvs commit: src/sys/vm vm_map.c]
- Eudora file URL buffer overflow
- Streaming Video and Audio
- [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability
- [OpenPKG-SA-2004.020] OpenPKG Security Advisory (ssmtp)
- FW: [security bulletin] SSRT4717 Management Agents for HP-UX Remote DoS
- Status bar exploit hides spoofed URLs Eudora, possibly other
- [waraxe-2004-SA#028 - Multiple vulnerabilities in NukeJokes
- PaX DoS proof-of-concept
- a litle bypass with IE
- [ GLSA 200405-01 ] Multiple format string vulnerabilities in neon 0.24.4 and earlier
- Monit 4.1 remote shell exploit (HTTP)
- [ GLSA 200405-02 ] Multiple vulnerabilities in LHa
- OUTLOOK 2003: OuchLook
- Emule 0.42e Remote Denial Of Service Exploit
- [Ulf Harnhammar]: LHA Advisory + Patch
- msxml3.dll Parsing Error Crashes Internet Explorer Remotely Upon Refresh
- DEEP SEA PHISHING: Internet Explorer / Outlook Express
- Somebody exploiting (badly designed) yahoo service?
- MDKSA-2004:042 - Updated rsync packages fixes potential to write outside of directory tree.
- Re: NISCC Vulnerability Advisory 236929: Vulnerability Issues in
- PING: Outlook 2003 Spam
- MDKSA-2004:043 - Updated apache2 packages fixes a denial of service vulnerability in mod_ssl
- [SECURITY] [DSA 502-1] New exim-tls packages fix buffer overflows
- Linux Kernel sctp_setsockopt() Integer Overflow
- [ GLSA 200405-04 ] OpenOffice.org vulnerability when using DAV servers
- [ GLSA 200405-03 ] ClamAV VirusEvent parameter vulnerability
- Hiding URLs from Outlook and other mail clients
- Advisory 04/2004: Net(Free)BSD Systrace local root vulnerabilitiy
- OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : X sessions which are not started by scologin ca
- Re: [Full-Disclosure] Linux Kernel sctp_setsockopt() Integer Overflow
- [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
- MS04-015 - Windows Help Center - Dvdupgrade
- surfboard1.1.6 local exploit.
- NetBSD Security Advisory 2004-007: Systrace systrace_exit() local root
- EEYE: Symantec Multiple Firewall NBNS Response Processing Stack Overflow
- EEYE: Symantec Multiple Firewall NBNS Response Remote Heap Corruption
- [slackware-security] apache (SSA:2004-133-01)
- EEYE: Symantec Multiple Firewall Remote DNS KERNEL Overflow
- [ GLSA 200405-05 ] Utempter symlink vulnerability
- EEYE: Symantec Multiple Firewall DNS Response Denial-of-Service
- [SECURITY] [DSA 503-1] New mah-jong packages fix denial of service
- Opera Telnet URI Handler Vulnerability also applies to other browsers
- SYM04-008, Symantec Client Firewall Remote Access and Denial of Service
- [security bulletin] SSRT4722 rev.0 HP-UX Mozilla denial of service
- POA: Outlook Expresss 6.00
- IE URL Issue Being Used In Phishing In the Wild [USBank]
- DOE updated cybersecurity //no code or 0day sploits// just info
- [security bulletin] SSRT4721 rev.0 HP-UX dtlogin unauthorized privileged access, DoS
- TSLSA-2004-0027 - apache
- Curious fileutils/coreutils behaviour.
- Still Vulnerable in MSIE
- Vulnerability Scanning on Windows 2003 localhost will crash RPC
- [security bulletin] SSRT3613 rev.0 HP-UX B6848AB GTK+ Support Libraries - elevated privileges
- Symantec Multiple Firewall DNS Response Denial-of-Service Exploit
- TSLSA-2004-0029 - kernel
- [ GLSA 200405-07 ] Exim verify=header_syntax buffer overflow
- [ GLSA 200405-06 ] libpng denial of service vulnerability
- more simple and flexible WinBlox(GET CONTROL OF WINNT SYSTEM)
- lha buffer overflow(s) again
- CiSCO IOS 12.* source code stolen
- Re: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices
- Re[2]: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices
- NetChat HTTP Server Stack Overflow
- WebCT: Cross Site Scripting Vulnerability
- [slackware-security] mc (SSA:2004-136-01)
- Wget race condition vulnerability
- KDE Security Advisory: URI Handler Vulnerabilities
- Safari remote arbitrary code execution
- RE: Remote Buffer Overflow in MailEnable HTTPMail
- Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
- Multiple TTT-C XSS vulnerabilities
- oscommerce 2.2 file_manager.php file browsing
- ROCKET SCIENCE: Outllook 2003
- [waraxe-2004-SA#029 - Possible remote file inclusion in PhpNuke
- MDKSA-2004:046 - Updated apache packages fix a number of vulnerabilities
- Buffer Overflow in ActivePerl ?
- MDKSA-2004:044 - Updated libuser packages fix vulnerability
- [waraxe-2004-SA#030 - Multiple vulnerabilities in PhpNuke 6.x - 7.3]
- MDKSA-2004:045 - Updated passwd packages fix vulnerabilities
- Advisory 05/2004: phpMyFAQ local file inclusion vulnerability
- Zen Cart login.php SQL Injection Vulnerability
- IRIX 6.5.24 rpc.mountd infinte loop
- RE: [Full-Disclosure] Re: Buffer Overflow in ActivePerl ?
- [slackware-security] kdelibs (SSA:2004-238-01)
- Re: Buffer Overflow in ActivePerl?
- Vapid Labs Security Advisory for PrimeBase Database 4.2 (update)
- Overflow@OmniHTTPd
- [SECURITY] [DSA 504-1] New heimdal packages fix potential buffer overflow
- Unknown IE bug with css-styles
- [ GLSA 200405-08 ] Pound format string vulnerability
- MDKSA-2004:047 - Updated kdelibs packages fix URI handling vulnerabilities
- [FLSA-2004:1546] Updated utempter resolves security vulnerability -- Reissue: updated 8.0 version nu
- [ GLSA 200405-09 ] ProFTPD Access Control List bypass vulnerability
- [SECURITY] [DSA 506-1] New neon packages fix buffer overflow
- Advisory 07/2004: CVS remote vulnerability
- [SECURITY] [DSA 505-1] New cvs packages fix remote exploit
- FreeBSD Security Advisory FreeBSD-SA-04:10.cvs
- Advisory 06/2004: libneon date parsing vulnerability
- A new Sanctum paper: "Blind XPath Injection"
- [SECURITY] [DSA 507-1] New cadaver packages fix buffer overflow
- Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts
- Advisory 08/2004: Subversion remote vulnerability
- Idea for proactive worm protection
- [ GLSA 200405-10 ] Icecast denial of service vulnerability
- [ GLSA 200405-11 ] KDE URI Handler Vulnerabilities
- MDKSA-2004:049 - Updated libneon packages fix heap variable overflow issues
- MDKSA-2004:048 - Updated cvs packages fix remotely exploitable vulnerability
- [OpenPKG-SA-2004.023] OpenPKG Security Advisory (subversion)
- Reporting a Security Vulnerability in a Microsoft Product
- [OpenPKG-SA-2004.022] OpenPKG Security Advisory (cvs)
- SGI ProPack 3: Kernel Update #1 - Security and other fixes
- SGI ProPack v2.4: Kernel Update #4 - Security and other fixes
- [slackware-security] cvs (SSA:2004-140-01)
- [security bulletin] SSRT4696 rev. 0 HP ProCurve Routing Switches TCP Denial of Service (DoS)
- [ GLSA 200405-12 ] CVS heap overflow vulnerability
- [ GLSA 200405-14 ] Buffer overflow in Subversion
- [ GLSA 200405-15 ] cadaver heap-based buffer overflow
- [ GLSA 200405-13 ] neon heap-based buffer overflow
- Auditor security collection released - a swiss army knife for security assessments.
- Question About Ethics and Full Disclosure
- [OpenPKG-SA-2004.025] OpenPKG Security Advisory (rsync)
- Re: Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Host
- e107 web portal Referers HTTP Injection
- [SNS Advisory No.72] Symantec Norton AntiVirus 2004 ActiveX Control Vulnerability
- MDKSA-2004:046-1 - apache-mod_perl packages are now available
- Eudora 6.1.1 attachment spoof, LaunchProtect
- [ GLSA 200405-16 ] Multiple XSS Vulnerabilities in SquirrelMail
- RE: Internet explorer .clsid vulnerability
- Re: Non-logged Brute Force Attack Vulnerability for
- Exploit codes for CVS Vulnerability and snort rules from ISC
- Liferay Cross Site Scripting Flaw
- MDKSA-2004:050 - Updated kernel packages fix multiple vulnerabilities
- BNBT BitTorrent Tracker Denial Of Service
- Allegro RomPager/2.10 DoS exploit
- [SECURITY] [DSA 508-1] New xpcd packages fix buffer overflow
- Netgear RP114 URL filter fails if URL is too long
- e107 web portal user.php XSS (Cross Site Scripting)
- cPanel mod_phpsuexec Vulnerability
- [ GLSA 200405-18 ] Buffer Overflow in Firebird
- SSH URI handler remote arbitrary code execution
- [ GLSA 200405-19 ] Opera telnet URI handler file creation/truncation vulnerability
- ERRATA: [ GLSA 200405-16 ] Multiple XSS Vulnerabilities in SquirrelMail
- [CLA-2004:841] Conectiva Security Announcement - libneon
- [ GLSA 200405-20 ] Insecure Temporary File Creation In MySQL
- [CLA-2004:842] Conectiva Security Announcement - mailman
- FreeBSD Security Advisory FreeBSD-SA-04:11.msync
- [security bulletin] SSRT4719 hp OpenView Select Access remote unauthorized access
- IEBUG: Archives of Internet Explorer
- [ GLSA 200405-21 ] Midnight Commander: Multiple vulnerabilities
- [Full-Disclosure] iDEFENSE Security Advisory 05.26.04: 3Com OfficeConnect Remote 812
- [security bulletin] SSRT4749 HP-UX Java Runtime Environment (JRE) remote DoS
- [ GLSA 200405-22 ] Apache 1.3: Multiple vulnerabilities
- [security bulletin] SSRT4724 HP integrated Lights Out (iLO) Denial of Service (DoS) using port zero
- Orenosv HTTP/FTP Server Denial Of Service
- Re: IRIX libcpr vulnerability
- IRIX libcpr vulnerability
- [CLA-2004:843] Conectiva Security Announcement - kde
- SGI Advanced Linux Environment 3 Security Update #1
- DoS in MiniShare 1.3.2
- The Dangers of Cross-Site-Scripting: Rogers Hi-Speed Internet Network [Canada]
- Sun-Java-App-Server PE 8.0 path disclosure
- MDKSA-2004:051 - Updated mailman packages fix password retrieval vulnerability
- WildTangent Web Driver Long FileName Stack Overflow
- MDKSA-2004:052 - Updated kolab-server package fixes world readable file vulnerability
- [PHP] include() bypassing filter with php://input
- [OpenPKG-SA-2004.026] OpenPKG Security Advisory (apache)
- [ GLSA 200405-23 ] Heimdal: Kerberos 4 buffer overflow in kadmin
- Re: [Full-Disclosure] iDEFENSE Security Advisory 05.27.04: 3Com OfficeConnect Remote 812 ADSL Router
- SGI Advanced Linux Environment security update #20
- SGI Advanced Linux Environment 3 Security Update #2
- [ GLSA 200405-24 ] MPlayer, xine-lib: vulnerabilities in RTSP stream
- JPortal SQL Injects
- Mollensoft ftp Server ver 3.6 Buffer overflow
- EnderUNIX Security Anouncement (Isoqlog and Spamguard)
- LDU (land down under) xss vulnerability
- [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]
- [SECURITY] [DSA 510-1] New jftpgw packages fix format string vulnerability
- [SECURITY] [DSA 509-1] New gatos packages fix privilege escalation
- [Full-Disclosure] iDEFENSE Security Advisory 05.27.04: 3Com OfficeConnect Remote 812
- [ GLSA 200405-25 ] tla: Heap-based buffer overflow in included libneon
- Users who have expired passwords can still log on to the domain
- Looking for a security contact of RealNetworks Live Rhapsody
- [SECURITY] [DSA 511-1] New ethereal packages fix buffer overflows
- LinkSys WRT54G administration page availble to WAN
- Possible bug in PHPNuke and other CMS
- Mollensoft Lightweight FTP Server CWD Buffer Overflow
- Firebird Database Remote Database Name Overflow
- RS-2004-1: SquirrelMail "Content-Type" XSS vulnerability
- [Squid 2004-betaNC-001] Inadequate Security Checking in NukeCops
- OSVDB Post Go-Live Update, 3000 Stable Entries
- [Squid 2004-OSC2Nuke-001] Inadequate Security Checking in OSC2Nuke
- [Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke
- Re: [Full-Disclosure] Possible bug in PHPNuke and other CMS
- MITKRB5-SA-2004-001: buffer overflows in krb5_aname_to_localname
- MDKSA-2004:055 - Updated apache2 package fix vulnerability in mod_ssl
- TSLSA-2004-0032 - kerberos
- [SECURITY] [DSA 512-1] New gallery packages fix unauthenticated access
- TSSA-2004-008 - apache
- TSSA-2004-009 - kerberos5
- MDKSA-2004:053 - Updated xpcd package fix vulnerabilities
- MDKSA-2004:054 - Updated mod_ssl package fix remote vulnerability
- MS KB article suggests turning off encrypted passwords for Mac clients
- Additional information on WRT54G administration page
- ERRATA: [ GLSA 200405-25 ] tla: Multiple vulnerabilities in included
- Remote SMTP authentication audit tool?