| 2008-05-11 |
vorbis-tools -- Speex header processing vulnerability |
| 2008-05-08 |
qemu -- "drive_init()" Disk Format Security Bypass |
| 2008-05-07 |
swfdec -- exposure of sensitive information |
| 2008-05-03 |
mozilla -- multiple vulnerabilities |
| 2008-05-02 |
mt-daapd -- integer overflow |
| sdl_image -- buffer overflow vulnerabilities |
| php -- integer overflow vulnerability |
| 2008-04-29 |
gnupg -- memory corruption vulnerability |
| png -- unknown chunk processing uninitialized memory access |
| 2008-04-28 |
firefox -- javascript garbage collector vulnerability |
| python -- Integer Signedness Error in zlib Module |
| 2008-04-25 |
mksh -- TTY attachment privilege escalation |
| openfire -- unspecified denial of service |
| extman -- password bypass vulnerability |
| mailman -- script insertion vulnerability |
| serendipity -- multiple cross site scripting vulnerabilities |
| 2008-04-24 |
phpmyadmin -- Shared Host Information Disclosure |
| phpmyadmin -- Username/Password Session File Information Disclosure |
| libxine -- array index vulnerability |
| postgresql -- multiple vulnerabilities |
| 2008-04-15 |
clamav -- Multiple Vulnerabilities |
| 2008-04-13 |
ikiwiki -- cross site request forging |
| lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability |
| 2008-04-06 |
postfix-policyd-weight -- working directory symlink vulnerability |
| 2008-04-05 |
suphp -- multiple local privilege escalation vulnerabilities |
| powerdns-recursor -- DNS cache poisoning |
| opera -- multiple vulnerabilities |
| 2008-03-26 |
silc -- pkcs_decode buffer overflow |
| 2008-03-20 |
bzip2 -- crash with certain malformed archive files |
| 2008-03-11 |
qemu -- unchecked block read/write vulnerability |
| 2008-03-10 |
dovecot -- security hole in blocking passdbs |
| 2008-03-06 |
mplayer -- multiple vulnerabilities |
| 2008-03-05 |
ghostscript -- zseticcspace() function buffer overflow vulnerability |
| 2008-03-04 |
phpmyadmin -- SQL injection vulnerability |
| 2008-02-29 |
pcre -- buffer overflow vulnerability |
| 2008-02-27 |
up-imapproxy -- multiple vulnerabilities |
| 2008-02-26 |
libxine -- buffer overflow vulnerability |
| moinmoin - multiple vulnerabilities |
| 2008-02-25 |
coppermine - multiple vulnerabilities |
| 2008-02-22 |
openldap -- modrdn Denial of Service vulnerability |
| opera -- multiple vulnerabilities |
| mozilla -- multiple vulnerabilities |
| 2008-02-15 |
clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability |
| 2008-02-13 |
xfce -- multiple vulnerabilities |
| 2008-02-12 |
cacti -- Multiple security vulnerabilities have been discovered |
| claws-mail -- insecure temporary file creation |
| 2008-02-11 |
ikiwiki -- javascript insertion via uris |
| 2008-02-09 |
zenphoto -- XSS vulnerability |
| 2008-02-04 |
jetty -- multiple vulnerability |
| 2008-01-31 |
dircproxy -- remote denial of service |
| 2008-01-29 |
libxine -- buffer overflow vulnerability |
| 2008-01-23 |
xorg -- multiple vulnerabilities |
| 2008-01-20 |
freeradius -- sql injection and denial of service vulnerability |
| 2008-01-19 |
libxine -- buffer overflow vulnerability |
| IRC Services-- Denial of Service Vulnerability |
| 2008-01-15 |
geeklog xss vulnerability |
| 2008-01-14 |
php -- multiple vulnerabilities |
| 2008-01-11 |
drupal -- cross site request forgery |
| drupal -- cross site scripting (utf8) |
| drupal -- cross site scripting (register_globals) |
| 2008-01-10 |
maradns -- CNAME record resource rotation denial of service |
| 2008-01-07 |
lsh -- multiple vulnerabilities |
| 2008-01-04 |
linux-realplayer -- multiple vulnerabilities |
| 2008-01-03 |
linux-flashplugin -- multiple vulnerabilities |
| 2007-12-31 |
tcl/tk -- buffer overflow in ReadImage function |
| 2007-12-29 |
dovecot -- Specific LDAP + auth cache configuration may mix up user logins |
| gallery2 -- multiple vulnerabilities |
| opera -- multiple vulnerabilities |
| 2007-12-22 |
wireshark -- multiple vulnerabilities |
| 2007-12-20 |
e2fsprogs -- heap buffer overflow |
| 2007-12-19 |
peercast -- buffer overflow vulnerability |
| 2007-12-18 |
ganglia-webfrontend -- XSS vulnerabilities |
| 2007-12-14 |
qemu -- Translation Block Local Denial of Service Vulnerability |
| firefox -- multiple remote unspecified memory corruption vulnerabilities |
| mozilla -- code execution via Quicktime media-link files |
| mozilla -- multiple vulnerabilities |
| 2007-12-12 |
drupal -- SQL injection vulnerability |
| samba -- buffer overflow vulnerability |
| smbftpd -- format string vulnerability |
| 2007-12-10 |
jetty -- multiple vulnerabilities |
| 2007-12-09 |
liveMedia -- DoS vulnerability |
| 2007-12-07 |
Squid -- Denial of Service Vulnerability |
| 2007-12-05 |
GNU finger vulnerability |
| 2007-12-01 |
rubygem-rails -- JSON XSS vulnerability |
| 2007-11-27 |
rubygem-rails -- session-fixation vulnerability |
| ikiwiki -- improper symlink verification vulnerability |
| 2007-11-21 |
phpmyadmin -- Cross Site Scripting |
| samba -- multiple vulnerabilities |
| 2007-11-17 |
postnuke -- admin section SQL injection |
| 2007-11-16 |
php -- multiple security vulnerabilities |
| jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented |
| 2007-11-14 |
net-snmp -- denial of service via GETBULK request |
| xpdf -- multiple remote Stream.CC vulnerabilities |
| 2007-11-13 |
flac -- media file processing integer overflow vulnerabilities |
| 2007-11-12 |
plone -- unsafe data interpreted as pickles |
| mt-daapd -- denial of service vulnerability |
| cups -- off-by-one buffer overflow |
| 2007-11-11 |
phpmyadmin -- cross-site scripting vulnerability |
| gftp -- multiple vulnerabilities |
| 2007-11-09 |
gallery2 -- multiple vulnerabilities |
| tikiwiki -- multiple vulnerabilities |
| 2007-11-07 |
perl -- regular expressions unicode data buffer overflow |
| perl -- vulnerabilities in PERLIO_DEBUG handling |
| perl -- File::Path insecure file/directory permissions |
| 2007-11-06 |
pcre -- arbitrary code execution |
| 2007-11-05 |
perdition -- str_vwrite format string vulnerability |
| 2007-11-01 |
wordpress -- cross-site scripting |
| 2007-10-31 |
openldap -- multiple remote denial of service vulnerabilities |
| mod_jk -- information disclosure |
| 2007-10-27 |
py-django -- denial of service vulnerability |
| 2007-10-26 |
phpmyadmin -- cross-site scripting vulnerability |
| 2007-10-25 |
opera -- multiple vulnerabilities |
| 2007-10-24 |
drupal --- multiple vulnerabilities |
| 2007-10-23 |
ldapscripts -- Command Line User Credentials Disclosure |
| firefox -- OnUnload Javascript browser entrapment vulnerability |
| 2007-10-20 |
phpmyadmin -- cross-site scripting vulnerability |
| 2007-10-16 |
phpmyadmin -- cross site scripting vulnerability |
| 2007-10-11 |
nagios-plugins -- Long Location Header Buffer Overflow Vulnerability |
| png -- multiple vulnerabilities |
| 2007-10-10 |
ImageMagick -- multiple vulnerabilities |
| mediawiki -- cross site scripting vulnerability |
| 2007-10-08 |
xfs -- multiple vulnerabilites |
| 2007-10-04 |
firebird -- multiple remote buffer overflow vulnerabilities |
| 2007-10-02 |
bugzilla -- "createmailregexp" security bypass vulnerability |
| 2007-10-01 |
id3lib -- insecure temporary file creation |
| 2007-09-21 |
wordpress -- remote sql injection vulnerability |
| clamav -- multiple remote Denial of Service vulnerabilities |
| samba -- nss_info plugin privilege escalation vulnerability |
| bugzilla -- multiple vulnerabilities |
| 2007-09-20 |
coppermine -- multiple vulnerabilities |
| openoffice -- arbitrary command execution vulnerability |
| 2007-09-19 |
konquerer -- address bar spoofing |
| flyspray -- authentication bypass |
| kdm -- passwordless login vulnerability |
| 2007-09-11 |
apache -- multiple vulnerabilities |
| xpdf -- stack based buffer overflow |
| 2007-09-10 |
lighttpd -- FastCGI header overrun in mod_fastcgi |
| 2007-09-05 |
rkhunter -- insecure temporary file creation |
| 2007-09-02 |
fetchmail -- denial of service on reject of local warning
message |
| 2007-09-01 |
gtar -- Directory traversal vulnerability |
| 2007-08-28 |
claws-mail -- POP3 Format String Vulnerability |
| 2007-08-25 |
opera -- Vulnerability in javascript handling |
| 2007-08-23 |
rsync -- off by one stack overflow |
| 2007-08-16 |
wordpress -- unmoderated comments disclosure |
| 2007-08-10 |
flac123 -- stack overflow in comment parsing |
| 2007-08-02 |
fsplib -- multiple vulnerabilities |
| joomla -- multiple vulnerabilities |
| FreeBSD -- Buffer overflow in tcpdump(1) |
| FreeBSD -- Predictable query ids in named(8) |
| FreeBSD -- heap overflow in file(1) |
| FreeBSD -- Jail rc.d script privilege escalation |
| 2007-08-01 |
phpsysinfo -- url Cross-Site Scripting |
| 2007-07-29 |
mutt -- buffer overflow vulnerability |
| 2007-07-28 |
p5-Net-DNS -- multiple Vulnerabilities |
| drupal -- Cross site request forgeries |
| drupal -- Multiple cross-site scripting vulnerabilities |
| 2007-07-27 |
vim -- Command Format String Vulnerability |
| 2007-07-26 |
libvorbis -- Multiple memory corruption flaws |
| 2007-07-24 |
tomcat -- XSS vulnerability in sample applications |
| tomcat -- multiple vulnerabilities |
| dokuwiki -- XSS vulnerability in spellchecker backend |
| 2007-07-21 |
lighttpd -- multiple vulnerabilities |
| 2007-07-19 |
opera -- multiple vulnerabilities |
| 2007-07-18 |
linux-flashplugin -- critical vulnerabilities |
| 2007-07-09 |
typespeed -- arbitrary code execution |
| 2007-07-07 |
wireshark -- Multiple problems |
| 2007-06-29 |
gd -- multiple vulnerabilities |
| 2007-06-28 |
evolution-data-server -- remote execution of arbitrary code vulnerability |
| 2007-06-27 |
mod_perl -- remote DoS in PATH_INFO parsing |
| 2007-06-24 |
wordpress -- XMLRPC SQL Injection |
| 2007-06-21 |
xpcd -- buffer overflow |
| 2007-06-19 |
clamav -- multiple vulnerabilities |
| 2007-06-18 |
vlc -- format string vulnerability and integer overflow |
| p5-Mail-SpamAssassin -- local user symlink-attack DoS vulnerability |
| 2007-06-12 |
cups -- Incomplete SSL Negotiation Denial of Service |
| 2007-06-09 |
c-ares -- DNS Cache Poisoning Vulnerability |
| webmin -- cross site scripting vulnerability |
| 2007-06-07 |
mplayer -- cddb stack overflow |
| 2007-06-06 |
zope -- cross-site scripting vulnerability |
| 2007-06-05 |
gzip -- multiple vulnerabilities |
| 2007-06-04 |
typo3 -- email header injection |
| phppgadmin -- cross site scripting vulnerability |
| 2007-06-01 |
findutils -- GNU locate heap buffer overrun |
| 2007-05-24 |
FreeType 2 -- Heap overflow vulnerability |
| 2007-05-21 |
squirrelmail -- Cross site scripting in HTML filter |
| 2007-05-16 |
png -- DoS crash vulnerability |
| samba -- multiple vulnerabilities |
| 2007-05-10 |
php -- multiple vulnerabilities |
| 2007-05-02 |
qemu - several vulnerabilities |
| p5-Imager - possibly exploitable buffer overflow |
| 2007-04-28 |
FreeBSD -- IPv6 Routing Header 0 is dangerous |
| 2007-04-23 |
gnupg -- OpenPGP symmetric encryption vulnerability |
| 2007-04-19 |
claws-mail -- APOP vulnerability |
| mozilla -- multiple vulnerabilities |
| 2007-04-14 |
lighttpd -- Remote DOS in CRLF parsing |
| lighttpd -- DOS when access files with mtime 0 |
| 2007-04-13 |
freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability |
| google-earth -- heap overflow in the KML engine |
| 2007-04-09 |
fetchmail -- insecure APOP authentication |
| 2007-04-08 |
mcweject -- exploitable buffer overflow |
| webcalendar -- "noSet" variable overwrite vulnerability |
| 2007-03-21 |
Squid -- TRACE method handling denial of service |
| 2007-03-16 |
samba -- potential Denial of Service bug in smbd |
| sql-ledger -- security bypass vulnerability |
| samba -- format string bug in afsacl.so VFS plugin |
| tdiary -- injection vulnerability |
| tdiary -- cross site scripting vulnerability |
| 2007-03-14 |
ktorrent -- multiple vulnerabilities |
| 2007-03-12 |
php -- multiple vulnerabilities |
| 2007-03-09 |
mplayer -- DMO File Parsing Buffer Overflow Vulnerability |
| trac -- cross site scripting vulnerability |
| 2007-03-06 |
mod_jk -- long URL stack overflow vulnerability |
| 2007-02-27 |
FreeBSD -- Kernel memory disclosure in firewire(4) |
| gtar -- name mangling symlink vulnerability |
| bind -- Multiple Denial of Service vulnerabilities |
| 2007-02-26 |
libarchive -- Infinite loop in corrupt archives handling in libarchive |
| OpenSSL -- Multiple problems in crypto(3) |
| 2007-02-21 |
snort -- DCE/RPC preprocessor vulnerability |
| 2007-02-17 |
rar -- password prompt buffer overflow vulnerability |
| 2007-01-17 |
joomla -- multiple remote vulnerabilities |
| 2007-01-15 |
sircd -- remote operator privilege escalation vulnerability |
| sircd -- remote reverse DNS buffer overflow |
| 2007-01-12 |
cacti -- Multiple vulnerabilities |
| 2007-01-08 |
mplayer -- buffer overflow in the code for RealMedia RTSP streams. |
| 2007-01-06 |
fetchmail -- TLS enforcement problem/MITM attack/password exposure |
| fetchmail -- crashes when refusing a message bound for an MDA |
| 2007-01-05 |
drupal -- multiple vulnerabilities |
| opera -- multiple vulnerabilities |
| 2007-01-03 |
w3m -- format string vulnerability |
| 2006-12-27 |
plone -- user can masquerade as a group |
| zope -- restructuredText "csv_table" Information Disclosure |
| 2006-12-24 |
phpbb -- NULL byte injection vulnerability |
| 2006-12-21 |
proftpd -- remote code execution vulnerabilities |
| 2006-12-19 |
bind9 -- Denial of Service in named(8) |
| openssl -- Incorrect PKCS#1 v1.5 padding validation in
crypto(3) |
| 2006-12-18 |
sql-ledger -- multiple vulnerabilities |
| 2006-12-15 |
gnupg -- remotely controllable function pointer |
| ruby -- cgi.rb library Denial of Service |
| unzoo -- Directory Traversal Vulnerability |
| ruby -- cgi.rb library Denial of Service |
| 2006-12-14 |
evince -- Buffer Overflow Vulnerability |
| dbus -- match_rule_equal() Weakness |
| 2006-12-13 |
wv2 -- Integer Overflow Vulnerability |
| wv -- Multiple Integer Overflow Vulnerabilities |
| 2006-12-11 |
tnftpd -- Remote root Exploit |
| 2006-12-09 |
libxine -- multiple buffer overflow vulnerabilities |
| 2006-12-02 |
libmusicbrainz -- multiple buffer overflow vulnerabilities |
| ImageMagick -- SGI Image File heap overflow vulnerability |
| 2006-11-30 |
gtar -- GNUTYPE_NAMES directory traversal vulnerability |
| kronolith -- arbitrary local file inclusion vulnerability |
| 2006-11-27 |
gnupg -- buffer overflow |
| 2006-11-15 |
proftpd -- Remote Code Execution Vulnerability |
| awstats -- arbitrary command execution vulnerability |
| 2006-11-11 |
bugzilla -- multiple vulnerabilities |
| bugzilla -- multiple vulnerabilities |
| 2006-11-08 |
Imlib2 -- multiple image file processing vulnerabilities |
| cvsbug -- race condition |
| 2006-11-02 |
mozilla -- multiple vulnerabilities |
| mozilla -- multiple vulnerabilities |
| 2006-11-01 |
apache -- mod_rewrite buffer overflow vulnerability |
| 2006-10-30 |
mysql -- database suid privilege escalation |
| 2006-10-29 |
screen -- combined UTF-8 characters vulnerability |
| mysql -- database "case-sensitive" privilege escalation |
| 2006-10-22 |
kdelibs -- integer overflow in khtml |
| 2006-10-21 |
Serendipity -- XSS Vulnerabilities |
| nvidia-driver -- arbitrary root code execution vulnerability |
| 2006-10-20 |
asterisk -- remote heap overwrite vulnerability |
| opera -- URL parsing heap overflow vulnerability |
| plone -- unprotected MembershipTool methods |
| 2006-10-18 |
drupal -- cross site request forgeries |
| drupal -- HTML attribute injection |
| drupal -- multiple XSS vulnerabilities |
| ingo -- local arbitrary shell command execution |
| 2006-10-17 |
php -- _ecalloc Integer Overflow Vulnerability |
| win32-codecs -- multiple vulnerabilities |
| 2006-10-16 |
clamav -- CHM unpacker and PE rebuilding vulnerabilities |
| php -- open_basedir Race Condition Vulnerability |
| 2006-10-15 |
tkdiff -- temporary file symlink privilege escalation |
| vtiger -- multiple remote file inclusion vulnerabilities |
| torrentflux -- User-Agent XSS Vulnerability |
| MT -- Search Unspecified XSS |
| plans -- multiple vulnerabilities |
| eyeOS -- multiple XSS security bugs |
| 2006-10-12 |
clamav -- Multipart Nestings Denial of Service |
| 2006-10-11 |
cscope -- Buffer Overflow Vulnerabilities |
| 2006-10-09 |
zgv, xzgv -- heap overflow vulnerability |
| 2006-10-08 |
python -- buffer overrun in repr() for unicode strings |
| python -- SimpleXMLRPCServer.py allows unrestricted traversal |
| 2006-10-05 |
mono -- "System.CodeDom.Compiler" Insecure Temporary Creation |
| tin -- buffer overflow vulnerabilities |
| openldap -- slapd acl selfwrite Security Issue |
| mambo -- multiple SQL injection vulnerabilities |
| mambo -- SQL injection vulnerabilities |
| curl -- TFTP packet buffer overflow vulnerability |
| lynx -- remote buffer overflow |
| 2006-10-04 |
mailman -- Multiple Vulnerabilities |
| 2006-10-03 |
phpmyadmin -- XSRF vulnerabilities |
| 2006-10-02 |
freetype -- LWFN Files Buffer Overflow Vulnerability |
| gnutls -- RSA Signature Forgery Vulnerability |
| dokuwiki -- multiple vulnerabilities |
| dokuwiki -- multiple vulnerabilities |
| 2006-10-01 |
gtetrinet -- remote code execution |
| 2006-09-30 |
punbb -- NULL byte injection vulnerability |
| tikiwiki -- multiple vulnerabilities |
| openssh -- multiple vulnerabilities |
| 2006-09-26 |
freeciv -- Denial of Service Vulnerabilities |
| freeciv -- Packet Parsing Denial of Service Vulnerability |
| unace -- multiple vulnerabilities |
| 2006-09-22 |
libmms -- stack-based buffer overflow |
| opera -- RSA Signature Forgery |
| 2006-09-14 |
php -- multiple vulnerabilities |
| 2006-09-13 |
drupal-pubcookie -- authentication may be bypassed |
| 2006-09-12 |
linux-flashplugin7 -- arbitrary code execution vulnerabilities |
| tomcat -- Tomcat Manager cross-site scripting |
| jdk -- jar directory traversal vulnerability |
| 2006-09-03 |
fd_set -- bitmap index overflow in multiple applications |
| 2006-09-02 |
hlstats -- multiple cross site scripting vulnerabilities |
| 2006-08-30 |
joomla -- multiple vulnerabilities |
| sppp -- buffer overflow vulnerability |
| 2006-08-17 |
horde -- Phishing and Cross-Site Scripting Vulnerabilities |
| 2006-08-15 |
globus -- Multiple tmpfile races |
| f2c -- insecure temporary files |
| 2006-08-13 |
x11vnc -- authentication bypass vulnerability |
| alsaplayer -- multiple vulnerabilities |
| postgresql -- encoding based SQL injection |
| postgresql -- multiple vulnerabilities |
| mysql -- format string vulnerability |
| postgresql81-server -- SET ROLE privilege escalation |
| 2006-08-12 |
squirrelmail -- random variable overwrite vulnerability |
| 2006-08-10 |
rubygem-rails -- evaluation of ruby code |
| 2006-08-08 |
clamav -- heap overflow vulnerability |
| drupal -- XSS vulnerability |
| 2006-08-02 |
gnupg -- 2 more possible memory allocation attacks |
| 2006-07-30 |
ruby - multiple vulnerabilities |
| 2006-07-14 |
zope -- information disclosure vulnerability |
| drupal -- multiple vulnerabilities |
| 2006-07-11 |
shoutcast -- cross-site scripting, information exposure |
| 2006-07-10 |
twiki -- multiple file extensions file upload vulnerability |
| samba -- memory exhaustion DoS in smbd |
| 2006-07-05 |
horde -- various problems in dereferrer |
| 2006-07-02 |
webmin, usermin -- arbitrary file disclosure vulnerability |
| 2006-06-30 |
Joomla -- multiple vulnerabilities |
| mutt -- Remote Buffer Overflow Vulnerability |
| 2006-06-27 |
hashcash -- heap overflow vulnerability |
| 2006-06-25 |
gnupg -- user id integer overflow vulnerability |
| 2006-06-17 |
horde -- multiple parameter cross site scripting vulnerabilities |
| webcalendar -- information disclosure vulnerability |
| 2006-06-14 |
sendmail -- Incorrect multipart message handling |
| 2006-06-12 |
dokuwiki -- multiple vulnerabilities |
| 2006-06-11 |
libxine -- buffer overflow vulnerability |
| 2006-06-10 |
trac -- reStructuredText breach of privacy and denial of service vulnerability |
| 2006-06-09 |
smbfs -- chroot escape |
| ypserv -- Inoperative access controls in ypserv |
| FreeBSD -- FPU information disclosure |
| ipsec -- reply attack vulnerability |
| sendmail -- race condition vulnerability |
| OPIE -- arbitrary password change |
| openssh -- remote denial of service |
| nfs -- remote denial of service |
| FreeBSD -- Local kernel memory disclosure |
| IEEE 802.11 -- buffer overflow |
| ipfw -- IP fragment denial of service |
| pf -- IP fragment handling panic |
| FreeBSD -- Infinite loop in SACK handling |
| 2006-06-08 |
freeradius -- authentication bypass vulnerability |
| freeradius -- multiple vulnerabilities |
| opera -- image dragging vulnerability |
| tiff -- buffer overflow vulnerability |
| tiff -- divide-by-zero denial-of-service |
| tiff -- directory entry count integer overflow vulnerability |
| tiff -- multiple integer overflows |
| tiff -- RLE decoder heap overflows |
| 2006-06-06 |
squirrelmail -- plugin.php local file inclusion vulnerability |
| 2006-06-05 |
drupal -- multiple vulnerabilities |
| dokuwiki -- spellchecker remote PHP code execution |
| 2006-06-01 |
MySQL -- SQL-injection security vulnerability |
| MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities |
| 2006-05-23 |
cscope -- buffer overflow vulnerabilities |
| frontpage -- cross site scripting vulnerability |
| 2006-05-22 |
coppermine -- "file" Local File Inclusion Vulnerability |
| coppermine -- Multiple File Extensions Vulnerability |
| coppermine -- File Inclusion Vulnerabilities |
| 2006-05-21 |
phpmyadmin -- XSRF vulnerabilities |
| 2006-05-18 |
vnc - authentication bypass vulnerability |
| 2006-05-14 |
phpldapadmin -- Cross-Site Scripting and Script Insertion vulnerabilities |
| 2006-05-11 |
p5-DBI -- insecure temporary file creation vulnerability |
| 2006-05-06 |
fswiki -- XSS vulnerability |
| mysql50-server -- COM_TABLE_DUMP arbitrary code execution |
| 2006-05-05 |
firefox -- denial of service vulnerability |
| 2006-05-03 |
phpwebftp -- "language" Local File Inclusion |
| clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability |
| 2006-05-02 |
trac -- Wiki Macro Script Insertion Vulnerability |
| 2006-05-01 |
jabberd -- SASL Negotiation Denial of Service Vulnerability |
| 2006-04-27 |
lifetype -- ADOdb "server.php" Insecure Test Script Security Issue |
| cacti -- ADOdb "server.php" Insecure Test Script Security Issue |
| amaya -- Attribute Value Buffer Overflow Vulnerabilities |
| ethereal -- Multiple Protocol Dissector Vulnerabilities |
| mozilla -- multiple vulnerabilities |
| 2006-04-25 |
asterisk -- denial of service vulnerability, local system access |
| 2006-04-23 |
crossfire-server -- denial of service and remote code execution vulnerability |
| wordpress -- full path disclosure |
| xine -- multiple remote string vulnerabilities |
| 2006-04-22 |
cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service |
| 2006-04-18 |
plone -- "member_id" Parameter Portrait Manipulation Vulnerability |
| 2006-04-16 |
mailman -- Private Archive Script Cross-Site Scripting |
| heartbeat -- insecure temporary file creation vulnerability |
| 2006-04-07 |
kaffeine -- buffer overflow vulnerability |
| thunderbird -- javascript execution |
| mplayer -- Multiple integer overflows |
| phpmyadmin -- XSS vulnerabilities |
| 2006-04-06 |
phpmyadmin -- 'set_theme' Cross-Site Scripting |
| clamav -- Multiple Vulnerabilities |
| zoo -- stack based buffer overflow |
| openvpn -- LD_PRELOAD code execution on client through malicious or compromised server |
| 2006-04-05 |
pubcookie-login-server -- cross site scripting vulnerability |
| mediawiki -- hardcoded placeholder string security bypass vulnerability |
| mediawiki -- cross site scripting vulnerability |
| netpbm -- buffer overflow in pnmtopng |
| dia -- XFig Import Plugin Buffer Overflow |
| samba -- Exposure of machine account credentials in winbind log files |
| mod_pubcookie -- cross site scripting vulnerability |
| 2006-03-30 |
horde -- remote code execution vulnerability in the help viewer |
| 2006-03-29 |
freeradius -- EAP-MSCHAPv2 Authentication Bypass |
| 2006-03-27 |
linux-realplayer -- buffer overrun |
| linux-realplayer -- heap overflow |
| 2006-03-24 |
evolution -- remote format string vulnerabilities |
| 2006-03-21 |
xorg-server -- privilege escalation |
| 2006-03-20 |
heimdal -- Multiple vulnerabilities |
| 2006-03-17 |
drupal -- multiple vulnerabilities |
| 2006-03-15 |
linux-flashplugin -- arbitrary code execution vulnerability |
| horde -- "url" disclosure of sensitive information vulnerability |
| 2006-03-11 |
GnuPG does not detect injection of unsigned data |
| 2006-03-09 |
mplayer -- heap overflow in the ASF demuxer |
| 2006-03-06 |
SSH.COM SFTP server -- format string vulnerability |
| 2006-03-03 |
gtar -- invalid headers buffer overflow |
| 2006-02-24 |
squirrelmail -- multiple vulnerabilities |
| 2006-02-20 |
WebCalendar -- unauthorized access vulnerability |
| gedit -- format string vulnerability |
| abiword, koffice -- stack based buffer overflow vulnerabilities |
| 2006-02-17 |
gnupg -- false positive signature verification |
| 2006-02-16 |
sudo -- arbitrary command execution |
| mantis -- "view_filters_page.php" cross site scripting vulnerability |
| libtomcrypt -- weak signature scheme with ECC keys |
| rssh -- privilege escalation vulnerability |
| tor -- malicious tor server can locate a hidden service |
| postgresql -- character conversion and tsearch2 vulnerabilities |
| phpbb -- multiple vulnerabilities |
| 2006-02-15 |
phpicalendar -- file disclosure vulnerability |
| phpicalendar -- cross site scripting vulnerability |
| kpdf -- heap based buffer overflow |
| perl, webmin, usermin -- perl format string integer wrap vulnerability |
| 2006-02-07 |
kpopup -- local root exploit and local denial of service |
| 2006-01-27 |
texindex -- temporary file privilege escalation |
| ee -- temporary file privilege escalation |
| 2006-01-23 |
sge -- local root exploit in bundled rsh executable |
| fetchmail -- crash when bouncing a message |
| 2006-01-15 |
clamav -- possible heap overflow in the UPX code |
| 2006-01-11 |
cpio -- multiple vulnerabilities |
| 2006-01-09 |
milter-bogom -- headerless message crash |
| 2006-01-07 |
bogofilter -- heap corruption through excessively long words |
| bogofilter -- heap corruption through malformed input |
| 2006-01-04 |
rxvt-unicode -- restore permissions on tty devices |
| 2006-01-03 |
apache -- mod_imap cross-site scripting flaw |
| 2006-01-02 |
squid -- possible cache-poisoning via malformed HTTP responses |
| 2006-01-01 |
curl -- URL buffer overflow vulnerability |
| 2005-12-25 |
nbd-server -- buffer overflow vulnerability |
| phpSysInfo -- "register_globals" emulation layer overwrite vulnerability |
| apache -- http request smuggling |
| phpSysInfo -- cross site scripting vulnerability |
| 2005-12-22 |
scponly -- local privilege escalation exploits |
| 2005-12-19 |
fetchmail -- null pointer dereference in multidrop mode with headerless email |
| 2005-12-14 |
mantis -- "view_filters_page.php" cross-site scripting vulnerability |
| mantis -- "t_core_path" file inclusion vulnerability |
| 2005-12-11 |
turba -- Cross site scripting vulnerabilities in several of the address book name and contact data fields |
| mnemo -- Cross site scripting vulnerabilities in several of the notepad name and note data fields |
| nag -- Cross site scripting vulnerabilities in several of the tasklist name and task data fields |
| kronolith -- Cross site scripting vulnerabilities in several of the calendar name and event data fields |
| horde -- Cross site scripting vulnerabilities in several of Horde's templates |
| 2005-12-07 |
phpmyadmin -- register_globals emulation "import_blacklist" manipulation |
| phpmyadmin -- XSS vulnerabilities |
| ffmpeg -- libavcodec buffer overflow vulnerability |
| trac -- search module SQL injection vulnerability |
| 2005-12-01 |
drupal -- multiple vulnerabilities |
| 2005-11-30 |
mambo -- "register_globals" emulation layer overwrite vulnerability |
| opera -- command line URL shell command injection |
| opera -- multiple vulnerabilities |
| 2005-11-29 |
flyspray -- cross-site scripting vulnerabilities |
| 2005-11-28 |
zope -- expose RestructuredText functionality to untrusted users |
| 2005-11-27 |
ghostscript -- insecure temporary file creation vulnerability |
| 2005-11-26 |
horde -- Cross site scripting vulnerabilities in MIME viewers |
| qpopper -- multiple privilege escalation vulnerabilities |
| 2005-11-16 |
phpmyadmin -- HTTP Response Splitting vulnerability |
| 2005-11-14 |
sudo -- local race condition vulnerability |
| 2005-11-13 |
Macromedia flash player -- swf file handling arbitrary code |
| 2005-11-10 |
p5-Mail-SpamAssassin -- long message header denial of service |
| 2005-11-08 |
webcalendar -- remote file inclusion vulnerability |
| gallery2 -- file disclosure vulnerability |
| 2005-11-06 |
ruby -- arbitrary command execution on XMLRPC server |
| 2005-11-04 |
pear-PEAR -- PEAR installer arbitrary code execution vulnerability |
| openvpn -- potential denial-of-service on servers in TCP mode |
| openvpn -- arbitrary code execution on client through malicious or compromised server |
| 2005-11-02 |
skype -- multiple buffer overflow vulnerabilities |
| 2005-11-01 |
squid -- FTP server response handling denial of service |
| PHP -- multiple vulnerabilities |
| 2005-10-31 |
base -- PHP SQL injection vulnerability |
| 2005-10-30 |
fetchmail -- fetchmailconf local password exposure |
| 2005-10-27 |
ruby -- vulnerability in the safe level settings |
| 2005-10-26 |
firefox & mozilla -- multiple vulnerabilities |
| firefox & mozilla -- command line URL shell command injection |
| firefox & mozilla -- buffer overflow vulnerability |
| net-snmp -- remote DoS vulnerability |
| 2005-10-25 |
openssl -- potential SSL 2.0 rollback |
| 2005-10-23 |
xloadimage -- buffer overflows in NIFF image title handling |
| libgadu -- multiple vulnerabilities |
| 2005-10-22 |
clamav -- arbitrary code execution and DoS vulnerabilities |
| 2005-10-18 |
snort -- Back Orifice preprocessor buffer overflow vulnerability |
| 2005-10-13 |
phpmyadmin -- local file inclusion vulnerability |
| 2005-10-09 |
libxine -- format string vulnerability |
| kdebase -- Kate backup file permission leak |
| 2005-10-07 |
cfengine -- arbitrary file overwriting vulnerability |
| 2005-10-05 |
imap-uw -- mailbox name handling remote buffer vulnerability |
| 2005-10-02 |
weex -- remote format string vulnerability |
| picasm -- buffer overflow vulnerability |
| squid -- possible denial of service condition regarding NTLM authentication |
| squid -- Possible Denial Of Service Vulnerability in store.c |
| squid -- Denial Of Service Vulnerability in sslConnectTimeout |
| 2005-10-01 |
uim -- privilege escalation vulnerability |
| zlib -- buffer overflow vulnerability |
| ProZilla -- server response buffer overflow vulnerabilities |
| 2005-09-29 |
phpmyfaq -- SQL injection, takeover, path disclosure, remote code execution |
| 2005-09-24 |
zlib -- buffer overflow vulnerability |
| 2005-09-22 |
urban -- stack overflow vulnerabilities |
| 2005-09-21 |
bind -- buffer overrun vulnerability |
| tor -- diffie-hellman handshake flaw |
| cups-base -- CUPS server remote DoS vulnerability |
| 2005-09-19 |
squirrelmail -- _$POST variable handling allows for various attacks |
| 2005-09-17 |
apache -- Certificate Revocation List (CRL) off-by-one vulnerability |
| 2005-09-15 |
X11 server -- pixmap allocation vulnerability |
| 2005-09-13 |
unzip -- permission race vulnerability |
| htdig -- cross site scripting vulnerability |
| 2005-09-07 |
xpdf -- disk fill DoS vulnerability |
| 2005-09-04 |
pear-XML_RPC -- remote PHP code injection vulnerability |
| 2005-09-03 |
bind9 -- denial of service |
| 2005-08-29 |
fswiki - command injection vulnerability |
| 2005-08-28 |
acroread -- XML External Entity vulnerability |
| 2005-08-27 |
pam_ldap -- authentication bypass vulnerability |
| 2005-08-26 |
pcre -- regular expression buffer overflow |
| 2005-08-23 |
elm -- remote buffer overflow in Expires header |
| awstats -- arbitrary code execution vulnerability |
| 2005-08-19 |
openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients |
| openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server |
| openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory |
| openvpn -- denial of service: client certificate validation can disconnect unrelated clients |
| 2005-08-16 |
acroread -- plug-in buffer overflow vulnerability |
| 2005-08-12 |
gaim -- AIM/ICQ non-UTF-8 filename crash |
| gaim -- AIM/ICQ away message buffer overflow |
| 2005-08-09 |
gforge -- XSS and email flood vulnerabilities |
| 2005-08-08 |
postnuke -- multiple vulnerabilities |
| 2005-08-05 |
ipsec -- Incorrect key usage in AES-XCBC-MAC |
| devfs -- ruleset bypass |
| mambo -- multiple vulnerabilities |
| 2005-08-03 |
proftpd -- format string vulnerabilities |
| 2005-08-01 |
nbsmtp -- format string vulnerability |
| 2005-07-31 |
vim -- vulnerabilities in modeline handling: glob, expand |
| phpmyadmin -- cross site scripting vulnerability |
| sylpheed -- MIME-encoded file name buffer overflow vulnerability |
| ekg -- insecure temporary file creation |
| 2005-07-30 |
opera -- download dialog spoofing vulnerability |
| ethereal -- multiple protocol dissectors vulnerabilities |
| jabberd -- 3 buffer overflows |
| 2005-07-25 |
clamav -- multiple remote buffer overflows |
| 2005-07-23 |
isc-dhcpd -- format string vulnerabilities |
| egroupware -- multiple cross-site scripting (XSS) and SQL injection vulnerabilities |
| 2005-07-22 |
fetchmail -- denial of service/crash from malicious POP3 server |
| 2005-07-21 |
dnrd -- remote buffer and stack overflow vulnerabilities |
| PowerDNS -- LDAP backend fails to escape all queries |
| fetchmail -- remote root/code injection from malicious POP3 server |
| phppgadmin -- "formLanguage" local file inclusion vulnerability |
| 2005-07-18 |
bugzilla -- multiple vulnerabilities |
| 2005-07-16 |
drupal -- PHP code execution vulnerabilities |
| firefox & mozilla -- multiple vulnerabilities |
| 2005-07-13 |
net-snmp -- fixproc insecure temporary file creation |
| 2005-07-09 |
mysql-server -- insecure temporary file creation |
| shtool -- insecure temporary file creation |
| phpbb -- multiple vulnerabilities |
| 2005-07-08 |
pear-XML_RPC -- information disclosure vulnerabilities |
| nwclient -- multiple vulnerabilities |
| 2005-07-07 |
phpbb -- remote PHP code execution vulnerability |
| 2005-07-06 |
clamav -- MS-Expand file handling DoS vulnerability |
| clamav -- cabinet file handling DoS vulnerability |
| acroread -- insecure temporary file creation |
| acroread -- buffer overflow vulnerability |
| kernel -- ipfw packet matching errors with address tables |
| bzip2 -- denial of service and permission race vulnerabilities |
| kernel -- TCP connection stall denial of service |
| gzip -- directory traversal and permission race vulnerabilities |
| 2005-07-05 |
wordpress -- multiple vulnerabilities |
| wordpress -- multiple vulnerabilities |
| cacti -- multiple vulnerabilities |
| 2005-07-03 |
pear-XML_RPC -- arbitrary remote code execution |
| 2005-06-24 |
tor -- information disclosure |
| linux-realplayer -- RealText parsing heap overflow |
| ethereal -- multiple protocol dissectors vulnerabilities |
| ethereal -- multiple protocol dissectors vulnerabilities |
| 2005-06-21 |
cacti -- potential SQL injection and cross site scripting attacks |
| 2005-06-20 |
razor-agents -- denial of service vulnerability |
| opera -- "javascript:" URL cross-site scripting vulnerability |
| opera -- redirection cross-site scripting vulnerability |
| trac -- file upload/download vulnerability |
| opera -- XMLHttpRequest security bypass |
| tcpdump -- infinite loops in protocol decoding |
| 2005-06-18 |
p5-Mail-SpamAssassin -- denial of service vulnerability |
| squirrelmail -- Several cross site scripting vulnerabilities |
| 2005-06-17 |
gaim -- MSN Remote DoS vulnerability |
| gallery -- remote code injection via HTTP_POST_VARS |
| gallery -- cross-site scripting |
| gaim -- Yahoo! remote crash vulnerability |
| kstars -- exploitable set-user-ID application fliccd |
| 2005-06-09 |
leafnode -- denial of service vulnerability |
| 2005-06-03 |
xloadimage -- arbitrary command execution when handling compressed files |
| imap-uw -- authentication bypass when CRAM-MD5 is enabled |
| gforge -- directory traversal vulnerability |
| squid -- denial-of-service vulnerabilities |
| racoon -- remote denial-of-service |
| xli -- integer overflows in image size calculations |
| xloadimage -- buffer overflow in FACES image handling |
| yamt -- buffer overflow and directory traversal issues |
| 2005-06-01 |
mailman -- password disclosure |
| xtrlock -- X display locking bypass |
| mailman -- generated passwords are poor quality |
| sympa -- buffer overflow in "queue" |
| linux_base -- vulnerabilities in Red Hat 7.1 libraries |
| xview -- multiple buffer overflows in xv_parse_one |
| squirrelmail -- XSS and remote code injection vulnerabilities |
| fswiki -- XSS problem in file upload form |
| 2005-05-29 |
samba -- integer overflow vulnerability |
| 2005-05-22 |
oops -- format string vulnerability |
| ppxp -- local root exploit |
| 2005-05-19 |
cdrdao -- unspecified privilege escalation vulnerability |
| squid -- possible abuse of cachemgr.cgi |
| squid -- DNS lookup spoofing vulnerability |
| 2005-05-14 |
gaim -- MSN remote DoS vulnerability |
| gaim -- remote crash on some protocols |
| 2005-05-13 |
kernel -- information disclosure when using HTT |
| leafnode -- fetchnews denial-of-service triggered by transmission abort/timeout |
| leafnode fetchnews denial-of-service triggered by missing header |
| leafnode denial-of-service triggered by article request |
| leafnode fetchnews denial-of-service triggered by truncated transmission |
| 2005-05-12 |
mozilla -- privilege escalation via non-DOM property overrides |
| mozilla -- "Wrapped" javascript: urls bypass security checks |
| 2005-05-11 |
mozilla -- code execution via javascript: IconURL vulnerability |
| 2005-05-09 |
groff -- pic2graph and eqn2graph are vulnerable to symlink attack through temporary files |
| groff -- groffer uses temporary files unsafely |
| 2005-05-03 |
gnu-radius -- SNMP-related denial-of-service |
| 2005-05-01 |
sharutils -- unshar insecure temporary file creation |
| rsnapshot -- local privilege escalation |
| coppermine -- IP spoofing and XSS vulnerability |
| 2005-04-27 |
ImageMagick -- ReadPNMImage() heap overflow vulnerability |
| jdk/jre -- Security Vulnerability With Java Plugin |
| 2005-04-25 |
gaim -- AIM/ICQ remote denial of service vulnerability |
| gaim -- remote DoS on receiving malformed HTML |
| mplayer & libxine -- MMS and Real RTSP buffer overflow vulnerabilities |
| 2005-04-23 |
kdewebdev -- kommander untrusted code execution vulnerability |
| 2005-04-22 |
kdelibs -- kimgio input validation errors |
| junkbuster -- heap corruption vulnerability and configuration modification vulnerability |
| 2005-04-20 |
openoffice -- DOC document heap overflow vulnerability |
| 2005-04-19 |
gld -- format string and buffer overflow vulnerabilities |
| 2005-04-17 |
axel -- remote buffer overflow |
| 2005-04-16 |
firefox -- arbitrary code execution in sidebar panel |
| firefox -- PLUGINSPAGE privileged javascript execution |
| mozilla -- code execution through javascript: favicons |
| mozilla -- privilege escalation via DOM property overrides |
| mozilla -- javascript "lambda" replace exposes memory contents |
| 2005-04-15 |
wget -- multiple vulnerabilities |
| 2005-04-12 |
portupgrade -- insecure temporary file handling vulnerability |
| 2005-04-10 |
squid -- DoS on failed PUT/POST requests vulnerability |
| gaim -- jabber remote crash |
|