| 2008-09-05 |
FreeBSD -- amd64 swapgs local privilege escalation |
| FreeBSD -- nmount(2) local arbitrary code execution |
| FreeBSD -- Remote kernel panics on IPv6 connections |
| 2008-08-25 |
opera -- multiple vulnerabilities |
| 2008-08-21 |
gnutls -- "gnutls_handshake()" Denial of Service |
| 2008-08-20 |
joomla -- flaw in the reset token validation |
| 2008-08-19 |
cdf3 -- Buffer overflow vulnerability |
| 2008-08-18 |
drupal -- multiple vulnerabilities |
| 2008-08-16 |
ruby -- DNS spoofing vulnerability |
| ruby -- DoS vulnerability in WEBrick |
| ruby -- multiple vulnerabilities in safe level |
| 2008-08-15 |
Bugzilla -- Directory Traversal in importxml.pl |
| 2008-08-07 |
openvpn-devel -- arbitrary code execution |
| 2008-07-18 |
phpmyadmin -- cross site request forgery vulnerabilities |
| 2008-07-13 |
drupal -- multiple vulnerabilities |
| FreeBSD -- DNS cache poisoning |
| 2008-07-09 |
poppler -- uninitialized pointer |
| 2008-07-04 |
py-pylons -- Path traversal bug |
| 2008-07-03 |
FreeType 2 -- Multiple Vulnerabilities |
| 2008-07-01 |
fetchmail -- potential crash in -v -v verbose mode (revised patch) |
| 2008-06-28 |
phpmyadmin -- Cross Site Scripting Vulnerabilities |
| 2008-06-24 |
apache -- multiple vulnerabilities |
| 2008-06-22 |
php -- input validation error in safe_mode |
| 2008-06-21 |
ruby -- multiple integer and buffer overflow vulnerabilities |
| vim -- Vim Shell Command Injection Vulnerabilities |
| 2008-06-20 |
fetchmail -- potential crash in -v -v verbose mode |
| 2008-06-15 |
xorg -- multiple vulnerabilities |
| 2008-06-14 |
moinmoin -- superuser privilege escalation |
| 2008-06-13 |
Courier Authentication Library -- SQL Injection |
| 2008-06-01 |
ikiwiki -- cleartext passwords |
| 2008-05-31 |
ikiwiki -- empty password security hole |
| 2008-05-30 |
linux-flashplugin -- unspecified remote code execution vulnerability |
| 2008-05-28 |
Nagios -- Cross Site Scripting Vulnerability |
| 2008-05-27 |
spamdyke -- open relay |
| 2008-05-21 |
peercast -- arbitrary code execution |
| 2008-05-17 |
libvorbis -- various security issues |
| 2008-05-14 |
django -- XSS vulnerability |
| 2008-05-11 |
vorbis-tools -- Speex header processing vulnerability |
| 2008-05-08 |
qemu -- "drive_init()" Disk Format Security Bypass |
| 2008-05-07 |
swfdec -- exposure of sensitive information |
| 2008-05-02 |
mt-daapd -- integer overflow |
| sdl_image -- buffer overflow vulnerabilities |
| 2008-04-26 |
gnupg -- memory corruption vulnerability |
| 2008-04-25 |
extman -- password bypass vulnerability |
| firefox -- javascript garbage collector vulnerability |
| mailman -- script insertion vulnerability |
| mksh -- TTY attachment privilege escalation |
| openfire -- unspecified denial of service |
| php -- integer overflow vulnerability |
| png -- unknown chunk processing uninitialized memory access |
| python -- Integer Signedness Error in zlib Module |
| serendipity -- multiple cross site scripting vulnerabilities |
| 2008-04-24 |
libxine -- array index vulnerability |
| phpmyadmin -- Shared Host Information Disclosure |
| phpmyadmin -- Username/Password Session File Information Disclosure |
| postgresql -- multiple vulnerabilities |
| 2008-04-15 |
clamav -- Multiple Vulnerabilities |
| 2008-04-13 |
ikiwiki -- cross site request forging |
| lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability |
| 2008-04-06 |
postfix-policyd-weight -- working directory symlink vulnerability |
| 2008-04-05 |
opera -- multiple vulnerabilities |
| powerdns-recursor -- DNS cache poisoning |
| suphp -- multiple local privilege escalation vulnerabilities |
| 2008-03-30 |
mozilla -- multiple vulnerabilities |
| 2008-03-26 |
silc -- pkcs_decode buffer overflow |
| 2008-03-20 |
bzip2 -- crash with certain malformed archive files |
| 2008-03-11 |
qemu -- unchecked block read/write vulnerability |
| 2008-03-10 |
dovecot -- security hole in blocking passdbs |
| 2008-03-06 |
mplayer -- multiple vulnerabilities |
| 2008-03-05 |
ghostscript -- zseticcspace() function buffer overflow vulnerability |
| 2008-03-04 |
phpmyadmin -- SQL injection vulnerability |
| 2008-02-29 |
pcre -- buffer overflow vulnerability |
| 2008-02-26 |
libxine -- buffer overflow vulnerability |
| 2008-02-25 |
coppermine -- multiple vulnerabilities |
| moinmoin -- multiple vulnerabilities |
| 2008-02-22 |
mozilla -- multiple vulnerabilities |
| openldap -- modrdn Denial of Service vulnerability |
| opera -- multiple vulnerabilities |
| 2008-02-15 |
clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability |
| 2008-02-12 |
cacti -- Multiple security vulnerabilities have been discovered |
| 2008-02-11 |
ikiwiki -- javascript insertion via uris |
| 2008-02-09 |
zenphoto -- XSS vulnerability |
| 2008-02-04 |
jetty -- multiple vulnerabilities |
| 2008-01-29 |
libxine -- buffer overflow vulnerability |
| 2008-01-23 |
xorg -- multiple vulnerabilities |
| 2008-01-22 |
claws-mail -- insecure temporary file creation |
| xfce -- multiple vulnerabilities |
| 2008-01-19 |
IRC Services -- Denial of Service Vulnerability |
| libxine -- buffer overflow vulnerability |
| 2008-01-15 |
geeklog xss vulnerability |
| 2008-01-11 |
drupal -- cross site request forgery |
| drupal -- cross site scripting (register_globals) |
| drupal -- cross site scripting (utf8) |
| 2008-01-10 |
maradns -- CNAME record resource rotation denial of service |
| 2008-01-04 |
linux-realplayer -- multiple vulnerabilities |
| 2008-01-03 |
linux-flashplugin -- multiple vulnerabilities |
| 2007-12-29 |
dovecot -- Specific LDAP + auth cache configuration may mix up user logins |
| 2007-12-25 |
gallery2 -- multiple vulnerabilities |
| 2007-12-20 |
e2fsprogs -- heap buffer overflow |
| 2007-12-19 |
opera -- multiple vulnerabilities |
| peercast -- buffer overflow vulnerability |
| wireshark -- multiple vulnerabilities |
| 2007-12-17 |
ganglia-webfrontend -- XSS vulnerabilities |
| 2007-12-12 |
drupal -- SQL injection vulnerability |
| qemu -- Translation Block Local Denial of Service Vulnerability |
| samba -- buffer overflow vulnerability |
| smbftpd -- format string vulnerability |
| 2007-12-10 |
jetty -- multiple vulnerabilities |
| 2007-12-08 |
liveMedia -- DoS vulnerability |
| 2007-12-05 |
GNU finger vulnerability |
| 2007-12-04 |
Squid -- Denial of Service Vulnerability |
| 2007-11-28 |
rubygem-rails -- JSON XSS vulnerability |
| 2007-11-27 |
firefox -- multiple remote unspecified memory corruption vulnerabilities |
| ikiwiki -- improper symlink verification vulnerability |
| rubygem-rails -- session-fixation vulnerability |
| 2007-11-21 |
phpmyadmin -- Cross Site Scripting |
| samba -- multiple vulnerabilities |
| 2007-11-16 |
php -- multiple security vulnerabilities |
| 2007-11-13 |
flac -- media file processing integer overflow vulnerabilities |
| net-snmp -- denial of service via GETBULK request |
| 2007-11-12 |
mt-daapd -- denial of service vulnerability |
| plone -- unsafe data interpreted as pickles |
| xpdf -- multiple remote Stream.CC vulnerabilities |
| 2007-11-11 |
phpmyadmin -- cross-site scripting vulnerability |
| 2007-11-09 |
cups -- off-by-one buffer overflow |
| gallery2 -- multiple vulnerabilities |
| tikiwiki -- multiple vulnerabilities |
| 2007-11-06 |
pcre -- arbitrary code execution |
| perl -- regular expressions unicode data buffer overflow |
| 2007-11-05 |
gftp -- multiple vulnerabilities |
| perdition -- str_vwrite format string vulnerability |
| 2007-11-04 |
dircproxy -- remote denial of service |
| 2007-11-01 |
wordpress -- cross-site scripting |
| 2007-10-30 |
openldap -- multiple remote denial of service vulnerabilities |
| 2007-10-27 |
py-django -- denial of service vulnerability |
| 2007-10-25 |
opera -- multiple vulnerabilities |
| 2007-10-24 |
drupal -- multiple vulnerabilities |
| 2007-10-23 |
ldapscripts -- Command Line User Credentials Disclosure |
| 2007-10-22 |
firefox -- OnUnload Javascript browser entrapment vulnerability |
| 2007-10-17 |
phpmyadmin -- cross-site scripting vulnerability |
| 2007-10-16 |
phpmyadmin -- cross-site scripting vulnerability |
| 2007-10-11 |
nagios-plugins -- Long Location Header Buffer Overflow Vulnerability |
| png -- multiple vulnerabilities |
| 2007-10-10 |
ImageMagick -- multiple vulnerabilities |
| 2007-10-08 |
jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented |
| xfs -- multiple vulnerabilities |
| 2007-10-05 |
tcl/tk -- buffer overflow in ReadImage function |
| 2007-10-04 |
firebird -- multiple remote buffer overflow vulnerabilities |
| 2007-10-01 |
id3lib -- insecure temporary file creation |
| 2007-09-21 |
bugzilla -- multiple vulnerabilities |
| clamav -- multiple remote Denial of Service vulnerabilities |
| mediawiki -- cross site scripting vulnerability |
| samba -- nss_info plugin privilege escalation vulnerability |
| wordpress -- remote sql injection vulnerability |
| 2007-09-20 |
bugzilla -- "createmailregexp" security bypass vulnerability |
| coppermine -- multiple vulnerabilities |
| openoffice -- arbitrary command execution vulnerability |
| 2007-09-19 |
flyspray -- authentication bypass |
| kdm -- passwordless login vulnerability |
| konqueror -- address bar spoofing |
| mozilla -- code execution via Quicktime media-link files |
| 2007-09-11 |
apache -- multiple vulnerabilities |
| php -- multiple vulnerabilities |
| 2007-09-10 |
lighttpd -- FastCGI header overrun in mod_fastcgi |
| 2007-09-05 |
lsh -- multiple vulnerabilities |
| rkhunter -- insecure temporary file creation |
| 2007-09-02 |
fetchmail -- denial of service on reject of local warning message |
| 2007-09-01 |
gtar -- Directory traversal vulnerability |
| 2007-08-27 |
claws-mail -- POP3 Format String Vulnerability |
| 2007-08-21 |
rsync -- off by one stack overflow |
| 2007-08-15 |
opera -- Vulnerability in javascript handling |
| 2007-08-02 |
FreeBSD -- Buffer overflow in tcpdump(1) |
| FreeBSD -- Predictable query ids in named(8) |
| fsplib -- multiple vulnerabilities |
| joomla -- multiple vulnerabilities |
| 2007-07-31 |
xpdf -- stack based buffer overflow |
| 2007-07-29 |
mutt -- buffer overflow vulnerability |
| 2007-07-28 |
drupal -- Cross site request forgeries |
| drupal -- Multiple cross-site scripting vulnerabilities |
| p5-Net-DNS -- multiple Vulnerabilities |
| phpsysinfo -- url Cross-Site Scripting |
| 2007-07-27 |
vim -- Command Format String Vulnerability |
| 2007-07-26 |
libvorbis -- Multiple memory corruption flaws |
| 2007-07-24 |
dokuwiki -- XSS vulnerability in spellchecker backend |
| tomcat -- multiple vulnerabilities |
| tomcat -- XSS vulnerability in sample applications |
| 2007-07-21 |
lighttpd -- multiple vulnerabilities |
| 2007-07-19 |
mozilla -- multiple vulnerabilities |
| opera -- multiple vulnerabilities |
| 2007-07-18 |
linux-flashplugin -- critical vulnerabilities |
| 2007-07-06 |
wireshark -- Multiple problems |
| 2007-07-03 |
typespeed -- arbitrary code execution |
| 2007-06-29 |
gd -- multiple vulnerabilities |
| 2007-06-28 |
flac123 -- stack overflow in comment parsing |
| 2007-06-25 |
evolution-data-server -- remote execution of arbitrary code vulnerability |
| 2007-06-21 |
xpcd -- buffer overflow |
| 2007-06-19 |
clamav -- multiple vulnerabilities |
| 2007-06-18 |
p5-Mail-SpamAssassin -- local user symlink-attack DoS vulnerability |
| vlc -- format string vulnerability and integer overflow |
| 2007-06-12 |
cups -- Incomplete SSL Negotiation Denial of Service |
| 2007-06-09 |
c-ares -- DNS Cache Poisoning Vulnerability |
| webmin -- cross site scripting vulnerability |
| wordpress -- unmoderated comments disclosure |
| wordpress -- XMLRPC SQL Injection |
| 2007-06-07 |
mplayer -- cddb stack overflow |
| 2007-06-05 |
mod_jk -- information disclosure |
| 2007-06-04 |
phppgadmin -- cross site scripting vulnerability |
| typo3 -- email header injection |
| 2007-06-01 |
findutils -- GNU locate heap buffer overrun |
| 2007-05-24 |
FreeType 2 -- Heap overflow vulnerability |
| 2007-05-23 |
FreeBSD -- heap overflow in file(1) |
| 2007-05-21 |
squirrelmail -- Cross site scripting in HTML filter |
| 2007-05-16 |
png -- DoS crash vulnerability |
| samba -- multiple vulnerabilities |
| 2007-05-07 |
php -- multiple vulnerabilities |
| 2007-05-01 |
qemu -- several vulnerabilities |
| 2007-04-30 |
p5-Imager -- possibly exploitable buffer overflow |
| 2007-04-28 |
FreeBSD -- IPv6 Routing Header 0 is dangerous |
| 2007-04-24 |
mod_perl -- remote DoS in PATH_INFO parsing |
| 2007-04-19 |
claws-mail -- APOP vulnerability |
| 2007-04-14 |
lighttpd -- DOS when access files with mtime 0 |
| lighttpd -- Remote DOS in CRLF parsing |
| 2007-04-13 |
freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability |
| 2007-04-09 |
fetchmail -- insecure APOP authentication |
| 2007-04-08 |
mcweject -- exploitable buffer overflow |
| webcalendar -- "noSet" variable overwrite vulnerability |
| 2007-04-05 |
zope -- cross-site scripting vulnerability |
| 2007-03-21 |
Squid -- TRACE method handling denial of service |
| 2007-03-16 |
samba -- format string bug in afsacl.so VFS plugin |
| samba -- potential Denial of Service bug in smbd |
| sql-ledger -- security bypass vulnerability |
| 2007-03-11 |
ktorrent -- multiple vulnerabilities |
| 2007-03-09 |
mplayer -- DMO File Parsing Buffer Overflow Vulnerability |
| trac -- cross site scripting vulnerability |
| 2007-03-05 |
mod_jk -- long URL stack overflow vulnerability |
| 2007-02-27 |
bind -- Multiple Denial of Service vulnerabilities |
| FreeBSD -- Jail rc.d script privilege escalation |
| FreeBSD -- Kernel memory disclosure in firewire(4) |
| gtar -- name mangling symlink vulnerability |
| 2007-02-26 |
libarchive -- Infinite loop in corrupt archives handling in libarchive |
| OpenSSL -- Multiple problems in crypto(3) |
| 2007-02-24 |
mozilla -- multiple vulnerabilities |
| 2007-02-21 |
snort -- DCE/RPC preprocessor vulnerability |
| 2007-02-17 |
php -- multiple vulnerabilities |
| rar -- password prompt buffer overflow vulnerability |
| 2007-01-17 |
joomla -- multiple remote vulnerabilities |
| 2007-01-15 |
sircd -- remote operator privilege escalation vulnerability |
| sircd -- remote reverse DNS buffer overflow |
| 2007-01-12 |
cacti -- Multiple vulnerabilities |
| 2007-01-08 |
mplayer -- buffer overflow in the code for RealMedia RTSP streams. |
| 2007-01-06 |
fetchmail -- crashes when refusing a message bound for an MDA |
| fetchmail -- TLS enforcement problem/MITM attack/password exposure |
| 2007-01-05 |
drupal -- multiple vulnerabilities |
| opera -- multiple vulnerabilities |
| 2007-01-03 |
w3m -- format string vulnerability |
| 2006-12-27 |
plone -- user can masquerade as a group |
| 2006-12-21 |
proftpd -- remote code execution vulnerabilities |
| 2006-12-19 |
bind9 -- Denial of Service in named(8) |
| gzip -- multiple vulnerabilities |
| openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3) |
| 2006-12-18 |
sql-ledger -- multiple vulnerabilities |
| 2006-12-14 |
dbus -- match_rule_equal() Weakness |
| evince -- Buffer Overflow Vulnerability |
| 2006-12-13 |
tdiary -- injection vulnerability |
| wv -- Multiple Integer Overflow Vulnerabilities |
| wv2 -- Integer Overflow Vulnerability |
| 2006-12-11 |
tnftpd -- Remote root Exploit |
| 2006-12-07 |
gnupg -- remotely controllable function pointer |
| libxine -- multiple buffer overflow vulnerabilities |
| 2006-12-04 |
ruby -- cgi.rb library Denial of Service |
| 2006-12-02 |
ImageMagick -- SGI Image File heap overflow vulnerability |
| libmusicbrainz -- multiple buffer overflow vulnerabilities |
| tdiary -- cross site scripting vulnerability |
| 2006-11-30 |
gtar -- GNUTYPE_NAMES directory traversal vulnerability |
| kronolith -- arbitrary local file inclusion vulnerability |
| 2006-11-27 |
gnupg -- buffer overflow |
| 2006-11-14 |
proftpd -- Remote Code Execution Vulnerability |
| unzoo -- Directory Traversal Vulnerability |
| 2006-11-11 |
bugzilla -- multiple vulnerabilities |
| 2006-11-08 |
Imlib2 -- multiple image file processing vulnerabilities |
| 2006-11-04 |
ruby -- cgi.rb library Denial of Service |
| 2006-10-29 |
mysql -- database "case-sensitive" privilege escalation |
| mysql -- database suid privilege escalation |
| screen -- combined UTF-8 characters vulnerability |
| 2006-10-22 |
kdelibs -- integer overflow in khtml |
| 2006-10-21 |
Serendipity -- XSS Vulnerabilities |
| 2006-10-20 |
asterisk -- remote heap overwrite vulnerability |
| opera -- URL parsing heap overflow vulnerability |
| 2006-10-19 |
plone -- unprotected MembershipTool methods |
| 2006-10-18 |
drupal -- cross site request forgeries |
| drupal -- HTML attribute injection |
| drupal -- multiple XSS vulnerabilities |
| ingo -- local arbitrary shell command execution |
| 2006-10-16 |
clamav -- CHM unpacker and PE rebuilding vulnerabilities |
| nvidia-driver -- arbitrary root code execution vulnerability |
| 2006-10-15 |
tkdiff -- temporary file symlink privilege escalation |
| vtiger -- multiple remote file inclusion vulnerabilities |
| 2006-10-14 |
google-earth -- heap overflow in the KML engine |
| 2006-10-12 |
clamav -- Multipart Nestings Denial of Service |
| 2006-10-07 |
python -- buffer overrun in repr() for unicode strings |
| torrentflux -- User-Agent XSS Vulnerability |
| 2006-10-06 |
php -- _ecalloc Integer Overflow Vulnerability |
| 2006-10-05 |
mambo -- multiple SQL injection vulnerabilities |
| mono -- "System.CodeDom.Compiler" Insecure Temporary Creation |
| openldap -- slapd acl selfwrite Security Issue |
| php -- open_basedir Race Condition Vulnerability |
| tin -- buffer overflow vulnerabilities |
| 2006-10-04 |
phpbb -- NULL byte injection vulnerability |
| 2006-10-03 |
postnuke -- admin section SQL injection |
| 2006-10-02 |
cscope -- Buffer Overflow Vulnerabilities |
| freetype -- LWFN Files Buffer Overflow Vulnerability |
| gnutls -- RSA Signature Forgery Vulnerability |
| MT -- Search Unspecified XSS |
| phpmyadmin -- XSRF vulnerabilities |
| 2006-09-30 |
dokuwiki -- multiple vulnerabilities |
| dokuwiki -- multiple vulnerabilities |
| openssh -- multiple vulnerabilities |
| punbb -- NULL byte injection vulnerability |
| tikiwiki -- multiple vulnerabilities |
| 2006-09-26 |
freeciv -- Denial of Service Vulnerabilities |
| freeciv -- Packet Parsing Denial of Service Vulnerability |
| plans -- multiple vulnerabilities |
| 2006-09-25 |
eyeOS -- multiple XSS security bugs |
| 2006-09-22 |
libmms -- stack-based buffer overflow |
| opera -- RSA Signature Forgery |
| zope -- restructuredText "csv_table" Information Disclosure |
| 2006-09-15 |
mozilla -- multiple vulnerabilities |
| 2006-09-14 |
win32-codecs -- multiple vulnerabilities |
| 2006-09-13 |
drupal-pubcookie -- authentication may be bypassed |
| php -- multiple vulnerabilities |
| 2006-09-12 |
linux-flashplugin7 -- arbitrary code execution vulnerabilities |
| 2006-09-04 |
mailman -- Multiple Vulnerabilities |
| 2006-09-02 |
gtetrinet -- remote code execution |
| hlstats -- multiple cross site scripting vulnerabilities |
| 2006-08-30 |
joomla -- multiple vulnerabilities |
| 2006-08-23 |
sppp -- buffer overflow vulnerability |
| 2006-08-17 |
horde -- Phishing and Cross-Site Scripting Vulnerabilities |
| 2006-08-15 |
globus -- Multiple tmpfile races |
| 2006-08-13 |
alsaplayer -- multiple vulnerabilities |
| mysql -- format string vulnerability |
| postgresql -- encoding based SQL injection |
| postgresql -- multiple vulnerabilities |
| x11vnc -- authentication bypass vulnerability |
| 2006-08-12 |
squirrelmail -- random variable overwrite vulnerability |
| 2006-08-10 |
rubygem-rails -- evaluation of ruby code |
| 2006-08-08 |
clamav -- heap overflow vulnerability |
| 2006-08-02 |
drupal -- XSS vulnerability |
| gnupg -- 2 more possible memory allocation attacks |
| 2006-07-29 |
ruby -- multiple vulnerabilities |
| 2006-07-28 |
apache -- mod_rewrite buffer overflow vulnerability |
| 2006-07-27 |
mozilla -- multiple vulnerabilities |
| 2006-07-14 |
zope -- information disclosure vulnerability |
| 2006-07-13 |
drupal -- multiple vulnerabilities |
| 2006-07-11 |
shoutcast -- cross-site scripting, information exposure |
| 2006-07-10 |
samba -- memory exhaustion DoS in smbd |
| twiki -- multiple file extensions file upload vulnerability |
| 2006-07-07 |
trac -- reStructuredText breach of privacy and denial of service vulnerability |
| 2006-07-05 |
horde -- various problems in dereferrer |
| mambo -- SQL injection vulnerabilities |
| 2006-07-03 |
phpmyadmin -- cross site scripting vulnerability |
| 2006-07-02 |
webmin, usermin -- arbitrary file disclosure vulnerability |
| 2006-06-30 |
Joomla -- multiple vulnerabilities |
| mutt -- Remote Buffer Overflow Vulnerability |
| 2006-06-27 |
hashcash -- heap overflow vulnerability |
| 2006-06-25 |
gnupg -- user id integer overflow vulnerability |
| 2006-06-17 |
horde -- multiple parameter cross site scripting vulnerabilities |
| 2006-06-16 |
webcalendar -- information disclosure vulnerability |
| 2006-06-14 |
sendmail -- Incorrect multipart message handling |
| 2006-06-11 |
dokuwiki -- multiple vulnerabilities |
| libxine -- buffer overflow vulnerability |
| 2006-06-09 |
smbfs -- chroot escape |
| ypserv -- Inoperative access controls in ypserv |
| 2006-06-08 |
freeradius -- authentication bypass vulnerability |
| freeradius -- multiple vulnerabilities |
| 2006-06-05 |
dokuwiki -- spellchecker remote PHP code execution |
| drupal -- multiple vulnerabilities |
| squirrelmail -- plugin.php local file inclusion vulnerability |
| 2006-06-01 |
MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities |
| MySQL -- SQL-injection security vulnerability |
| 2006-05-23 |
cscope -- buffer overflow vulnerabilities |
| frontpage -- cross site scripting vulnerability |
| 2006-05-22 |
coppermine -- "file" Local File Inclusion Vulnerability |
| coppermine -- File Inclusion Vulnerabilities |
| coppermine -- Multiple File Extensions Vulnerability |
| 2006-05-21 |
phpmyadmin -- XSRF vulnerabilities |
| 2006-05-18 |
vnc -- authentication bypass vulnerability |
| 2006-05-14 |
phpldapadmin -- Cross-Site Scripting and Script Insertion vulnerabilities |
| 2006-05-06 |
fswiki -- XSS vulnerability |
| mysql50-server -- COM_TABLE_DUMP arbitrary code execution |
| 2006-05-05 |
awstats -- arbitrary command execution vulnerability |
| 2006-05-03 |
clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability |
| firefox -- denial of service vulnerability |
| phpwebftp -- "language" Local File Inclusion |
| 2006-05-02 |
trac -- Wiki Macro Script Insertion Vulnerability |
| 2006-05-01 |
jabberd -- SASL Negotiation Denial of Service Vulnerability |
| 2006-04-27 |
amaya -- Attribute Value Buffer Overflow Vulnerabilities |
| cacti -- ADOdb "server.php" Insecure Test Script Security Issue |
| ethereal -- Multiple Protocol Dissector Vulnerabilities |
| lifetype -- ADOdb "server.php" Insecure Test Script Security Issue |
| 2006-04-25 |
asterisk -- denial of service vulnerability, local system access |
| 2006-04-23 |
crossfire-server -- denial of service and remote code execution vulnerability |
| p5-DBI -- insecure temporary file creation vulnerability |
| wordpress -- full path disclosure |
| xine -- multiple remote string vulnerabilities |
| zgv, xzgv -- heap overflow vulnerability |
| 2006-04-22 |
cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service |
| 2006-04-19 |
FreeBSD -- FPU information disclosure |
| 2006-04-18 |
plone -- "member_id" Parameter Portrait Manipulation Vulnerability |
| 2006-04-16 |
mailman -- Private Archive Script Cross-Site Scripting |
| mozilla -- multiple vulnerabilities |
| 2006-04-10 |
f2c -- insecure temporary files |
| 2006-04-07 |
kaffeine -- buffer overflow vulnerability |
| mplayer -- Multiple integer overflows |
| thunderbird -- javascript execution |
| 2006-04-06 |
clamav -- Multiple Vulnerabilities |
| phpmyadmin -- 'set_theme' Cross-Site Scripting |
| phpmyadmin -- XSS vulnerabilities |
| 2006-04-05 |
dia -- XFig Import Plugin Buffer Overflow |
| mediawiki -- cross site scripting vulnerability |
| mediawiki -- hardcoded placeholder string security bypass vulnerability |
| mod_pubcookie -- cross site scripting vulnerability |
| netpbm -- buffer overflow in pnmtopng |
| openvpn -- LD_PRELOAD code execution on client through malicious or compromised server |
| pubcookie-login-server -- cross site scripting vulnerability |
| samba -- Exposure of machine account credentials in winbind log files |
| zoo -- stack based buffer overflow |
| 2006-03-29 |
freeradius -- EAP-MSCHAPv2 Authentication Bypass |
| 2006-03-28 |
horde -- remote code execution vulnerability in the help viewer |
| 2006-03-27 |
linux-realplayer -- buffer overrun |
| linux-realplayer -- heap overflow |
| 2006-03-24 |
ipsec -- reply attack vulnerability |
| OPIE -- arbitrary password change |
| sendmail -- race condition vulnerability |
| 2006-03-21 |
xorg-server -- privilege escalation |
| 2006-03-20 |
curl -- TFTP packet buffer overflow vulnerability |
| heimdal -- Multiple vulnerabilities |
| 2006-03-17 |
drupal -- multiple vulnerabilities |
| 2006-03-15 |
horde -- "url" disclosure of sensitive information vulnerability |
| linux-flashplugin -- arbitrary code execution vulnerability |
| 2006-03-12 |
nfs -- remote denial of service |
| openssh -- remote denial of service |
| 2006-03-10 |
GnuPG does not detect injection of unsigned data |
| 2006-03-09 |
mplayer -- heap overflow in the ASF demuxer |
| 2006-03-04 |
SSH.COM SFTP server -- format string vulnerability |
| 2006-03-03 |
gtar -- invalid headers buffer overflow |
| 2006-02-27 |
bugzilla -- multiple vulnerabilities |
| 2006-02-24 |
squirrelmail -- multiple vulnerabilities |
| 2006-02-20 |
abiword, koffice -- stack based buffer overflow vulnerabilities |
| gedit -- format string vulnerability |
| WebCalendar -- unauthorized access vulnerability |
| 2006-02-18 |
postgresql81-server -- SET ROLE privilege escalation |
| 2006-02-17 |
gnupg -- false positive signature verification |
| 2006-02-16 |
heartbeat -- insecure temporary file creation vulnerability |
| libtomcrypt -- weak signature scheme with ECC keys |
| mantis -- "view_filters_page.php" cross site scripting vulnerability |
| phpbb -- multiple vulnerabilities |
| postgresql -- character conversion and tsearch2 vulnerabilities |
| rssh -- privilege escalation vulnerability |
| sudo -- arbitrary command execution |
| tor -- malicious tor server can locate a hidden service |
| 2006-02-15 |
kpdf -- heap based buffer overflow |
| perl, webmin, usermin -- perl format string integer wrap vulnerability |
| phpicalendar -- cross site scripting vulnerability |
| phpicalendar -- file disclosure vulnerability |
| 2006-02-14 |
FreeBSD -- Infinite loop in SACK handling |
| FreeBSD -- Local kernel memory disclosure |
| IEEE 802.11 -- buffer overflow |
| ipfw -- IP fragment denial of service |
| pf -- IP fragment handling panic |
| 2006-02-07 |
kpopup -- local root exploit and local denial of service |
| 2006-01-27 |
cpio -- multiple vulnerabilities |
| cvsbug -- race condition |
| ee -- temporary file privilege escalation |
| texindex -- temporary file privilege escalation |
| 2006-01-23 |
fetchmail -- crash when bouncing a message |
| sge -- local root exploit in bundled rsh executable |
| 2006-01-10 |
clamav -- possible heap overflow in the UPX code |
| 2006-01-09 |
milter-bogom -- headerless message crash |
| 2006-01-07 |
bogofilter -- heap corruption through excessively long words |
| bogofilter -- heap corruption through malformed input |
| 2006-01-04 |
rxvt-unicode -- restore permissions on tty devices |
| 2006-01-01 |
apache -- mod_imap cross-site scripting flaw |
| 2005-12-22 |
nbd-server -- buffer overflow vulnerability |
| scponly -- local privilege escalation exploits |
| 2005-12-19 |
fetchmail -- null pointer dereference in multidrop mode with headerless email |
| 2005-12-14 |
mantis -- "t_core_path" file inclusion vulnerability |
| mantis -- "view_filters_page.php" cross-site scripting vulnerability |
| 2005-12-11 |
horde -- Cross site scripting vulnerabilities in several of Horde's templates |
| kronolith -- Cross site scripting vulnerabilities in several of the calendar name and event data fields |
| mnemo -- Cross site scripting vulnerabilities in several of the notepad name and note data fields |
| nag -- Cross site scripting vulnerabilities in several of the tasklist name and task data fields |
| turba -- Cross site scripting vulnerabilities in several of the address book name and contact data fields |
| 2005-12-09 |
curl -- URL buffer overflow vulnerability |
| 2005-12-07 |
ffmpeg -- libavcodec buffer overflow vulnerability |
| phpmyadmin -- register_globals emulation "import_blacklist" manipulation |
| phpmyadmin -- XSS vulnerabilities |
| trac -- search module SQL injection vulnerability |
| 2005-12-01 |
drupal -- multiple vulnerabilities |
| 2005-11-30 |
mambo -- "register_globals" emulation layer overwrite vulnerability |
| opera -- command line URL shell command injection |
| opera -- multiple vulnerabilities |
| 2005-11-27 |
ghostscript -- insecure temporary file creation vulnerability |
| 2005-11-22 |
horde -- Cross site scripting vulnerabilities in MIME viewers |
| 2005-11-16 |
phpmyadmin -- HTTP Response Splitting vulnerability |
| 2005-11-13 |
Macromedia flash player -- swf file handling arbitrary code |
| phpSysInfo -- "register_globals" emulation layer overwrite vulnerability |
| 2005-11-10 |
flyspray -- cross-site scripting vulnerabilities |
| p5-Mail-SpamAssassin -- long message header denial of service |
| 2005-11-07 |
qpopper -- multiple privilege escalation vulnerabilities |
| 2005-11-04 |
pear-PEAR -- PEAR installer arbitrary code execution vulnerability |
| 2005-11-01 |
openvpn -- arbitrary code execution on client through malicious or compromised server |
| openvpn -- potential denial-of-service on servers in TCP mode |
| PHP -- multiple vulnerabilities |
| skype -- multiple buffer overflow vulnerabilities |
| squid -- FTP server response handling denial of service |
| 2005-10-31 |
base -- PHP SQL injection vulnerability |
| 2005-10-30 |
fetchmail -- fetchmailconf local password exposure |
| lynx -- remote buffer overflow |
| 2005-10-27 |
ruby -- vulnerability in the safe level settings |
| 2005-10-20 |
xloadimage -- buffer overflows in NIFF image title handling |
| 2005-10-18 |
snort -- Back Orifice preprocessor buffer overflow vulnerability |
| 2005-10-15 |
gallery2 -- file disclosure vulnerability |
| webcalendar -- remote file inclusion vulnerability |
| 2005-10-12 |
openssl -- potential SSL 2.0 rollback |
| 2005-10-11 |
phpmyadmin -- local file inclusion vulnerability |
| zope -- expose RestructuredText functionality to untrusted users |
| 2005-10-09 |
libxine -- format string vulnerability |
| 2005-10-05 |
imap-uw -- mailbox name handling remote buffer vulnerability |
| 2005-10-02 |
picasm -- buffer overflow vulnerability |
| weex -- remote format string vulnerability |
| 2005-10-01 |
cfengine -- arbitrary file overwriting vulnerability |
| uim -- privilege escalation vulnerability |
| 2005-09-29 |
phpmyfaq -- SQL injection, takeover, path disclosure, remote code execution |
| 2005-09-24 |
clamav -- arbitrary code execution and DoS vulnerabilities |
| 2005-09-23 |
firefox & mozilla -- multiple vulnerabilities |
| 2005-09-22 |
firefox & mozilla -- command line URL shell command injection |
| 2005-09-17 |
apache -- Certificate Revocation List (CRL) off-by-one vulnerability |
| squirrelmail -- _$POST variable handling allows for various attacks |
| 2005-09-15 |
squid -- possible denial of service condition regarding NTLM authentication |
| X11 server -- pixmap allocation vulnerability |
| 2005-09-13 |
unzip -- permission race vulnerability |
| 2005-09-10 |
firefox & mozilla -- buffer overflow vulnerability |
| 2005-09-04 |
htdig -- cross site scripting vulnerability |
| squid -- Denial Of Service Vulnerability in sslConnectTimeout |
| squid -- Possible Denial Of Service Vulnerability in store.c |
| 2005-09-03 |
bind -- buffer overrun vulnerability |
| bind9 -- denial of service |
| 2005-09-02 |
urban -- stack overflow vulnerabilities |
| 2005-08-29 |
fswiki -- command injection vulnerability |
| 2005-08-27 |
evolution -- remote format string vulnerabilities |
| pam_ldap -- authentication bypass vulnerability |
| 2005-08-26 |
pcre -- regular expression buffer overflow |
| 2005-08-23 |
elm -- remote buffer overflow in Expires header |
| 2005-08-19 |
openvpn -- denial of service: client certificate validation can disconnect unrelated clients |
| openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory |
| openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients |
| openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server |
| 2005-08-17 |
tor -- diffie-hellman handshake flaw |
| 2005-08-16 |
acroread -- plug-in buffer overflow vulnerability |
| 2005-08-15 |
pear-XML_RPC -- remote PHP code injection vulnerability |
| 2005-08-14 |
awstats -- arbitrary code execution vulnerability |
| 2005-08-12 |
gaim -- AIM/ICQ away message buffer overflow |
| gaim -- AIM/ICQ non-UTF-8 filename crash |
| libgadu -- multiple vulnerabilities |
| xpdf -- disk fill DoS vulnerability |
| 2005-08-09 |
gforge -- XSS and email flood vulnerabilities |
| 2005-08-08 |
postnuke -- multiple vulnerabilities |
| 2005-08-05 |
devfs -- ruleset bypass |
| ipsec -- Incorrect key usage in AES-XCBC-MAC |
| mambo -- multiple vulnerabilities |
| zlib -- buffer overflow vulnerability |
| 2005-08-03 |
proftpd -- format string vulnerabilities |
| 2005-08-01 |
nbsmtp -- format string vulnerability |
| 2005-07-31 |
gnupg -- OpenPGP symmetric encryption vulnerability |
| phpmyadmin -- cross site scripting vulnerability |
| sylpheed -- MIME-encoded file name buffer overflow vulnerability |
| vim -- vulnerabilities in modeline handling: glob, expand |
| 2005-07-30 |
ethereal -- multiple protocol dissectors vulnerabilities |
| jabberd -- 3 buffer overflows |
| opera -- download dialog spoofing vulnerability |
| opera -- image dragging vulnerability |
| tiff -- buffer overflow vulnerability |
| 2005-07-26 |
apache -- http request smuggling |
| 2005-07-25 |
clamav -- multiple remote buffer overflows |
| 2005-07-23 |
egroupware -- multiple cross-site scripting (XSS) and SQL injection vulnerabilities |
| isc-dhcpd -- format string vulnerabilities |
| 2005-07-22 |
fetchmail -- denial of service/crash from malicious POP3 server |
| 2005-07-21 |
dnrd -- remote buffer and stack overflow vulnerabilities |
| PowerDNS -- LDAP backend fails to escape all queries |
| 2005-07-20 |
fetchmail -- remote root/code injection from malicious POP3 server |
| 2005-07-18 |
kdebase -- Kate backup file permission leak |
| 2005-07-16 |
drupal -- PHP code execution vulnerabilities |
| firefox & mozilla -- multiple vulnerabilities |
| 2005-07-09 |
mysql-server -- insecure temporary file creation |
| net-snmp -- fixproc insecure temporary file creation |
| phpbb -- multiple vulnerabilities |
| phpSysInfo -- cross site scripting vulnerability |
| shtool -- insecure temporary file creation |
| 2005-07-08 |
bugzilla -- multiple vulnerabilities |
| ekg -- insecure temporary file creation |
| nwclient -- multiple vulnerabilities |
| pear-XML_RPC -- information disclosure vulnerabilities |
| phppgadmin -- "formLanguage" local file inclusion vulnerability |
| 2005-07-06 |
acroread -- buffer overflow vulnerability |
| acroread -- insecure temporary file creation |
| clamav -- cabinet file handling DoS vulnerability |
| clamav -- MS-Expand file handling DoS vulnerability |
| zlib -- buffer overflow vulnerability |
| 2005-07-05 |
cacti -- multiple vulnerabilities |
| net-snmp -- remote DoS vulnerability |
| wordpress -- multiple vulnerabilities |
| wordpress -- multiple vulnerabilities |
| 2005-07-03 |
pear-XML_RPC -- arbitrary remote code execution |
| phpbb -- remote PHP code execution vulnerability |
| 2005-06-29 |
bzip2 -- denial of service and permission race vulnerabilities |
| kernel -- ipfw packet matching errors with address tables |
| kernel -- TCP connection stall denial of service |
| 2005-06-24 |
ethereal -- multiple protocol dissectors vulnerabilities |
| linux-realplayer -- RealText parsing heap overflow |
| tor -- information disclosure |
| 2005-06-23 |
ruby -- arbitrary command execution on XMLRPC server |
| 2005-06-21 |
cacti -- potential SQL injection and cross site scripting attacks |
| 2005-06-20 |
opera -- "javascript:" URL cross-site scripting vulnerability |
| opera -- redirection cross-site scripting vulnerability |
| opera -- XMLHttpRequest security bypass |
| razor-agents -- denial of service vulnerability |
| sudo -- local race condition vulnerability |
| trac -- file upload/download vulnerability |
| 2005-06-18 |
acroread -- XML External Entity vulnerability |
| gzip -- directory traversal and permission race vulnerabilities |
| p5-Mail-SpamAssassin -- denial of service vulnerability |
| squirrelmail -- Several cross site scripting vulnerabilities |
| tcpdump -- infinite loops in protocol decoding |
| 2005-06-17 |
fd_set -- bitmap index overflow in multiple applications |
| gaim -- MSN Remote DoS vulnerability |
| gaim -- Yahoo! remote crash vulnerability |
| gallery -- cross-site scripting |
| gallery -- remote code injection via HTTP_POST_VARS |
| kstars -- exploitable set-user-ID application fliccd |
| 2005-06-09 |
leafnode -- denial of service vulnerability |
| 2005-06-03 |
gforge -- directory traversal vulnerability |
| imap-uw -- authentication bypass when CRAM-MD5 is enabled |
| racoon -- remote denial-of-service |
| squid -- denial-of-service vulnerabilities |
| xli -- integer overflows in image size calculations |
| xloadimage -- arbitrary command execution when handling compressed files |
| xloadimage -- buffer overflow in FACES image handling |
| yamt -- buffer overflow and directory traversal issues |
| 2005-06-01 |
linux_base -- vulnerabilities in Red Hat 7.1 libraries |
| mailman -- generated passwords are poor quality |
| mailman -- password disclosure |
| squirrelmail -- XSS and remote code injection vulnerabilities |
| sympa -- buffer overflow in "queue" |
| tomcat -- Tomcat Manager cross-site scripting |
| xtrlock -- X display locking bypass |
| xview -- multiple buffer overflows in xv_parse_one |
| 2005-05-29 |
fswiki -- XSS problem in file upload form |
| 2005-05-22 |
freeradius -- SQL injection and denial of service vulnerability |
| oops -- format string vulnerability |
| ppxp -- local root exploit |
| 2005-05-19 |
cdrdao -- unspecified privilege escalation vulnerability |
| squid -- DNS lookup spoofing vulnerability |
| squid -- possible abuse of cachemgr.cgi |
| 2005-05-14 |
gaim -- MSN remote DoS vulnerability |
| gaim -- remote crash on some protocols |
| 2005-05-13 |
kernel -- information disclosure when using HTT |
| leafnode -- fetchnews denial-of-service triggered by transmission abort/timeout |
| 2005-05-12 |
mozilla -- "Wrapped" javascript: URLs bypass security checks |
| mozilla -- privilege escalation via non-DOM property overrides |
| 2005-05-11 |
mozilla -- code execution via javascript: IconURL vulnerability |
| 2005-05-09 |
groff -- groffer uses temporary files unsafely |
| groff -- pic2graph and eqn2graph are vulnerable to symlink attack through temporary files |
| 2005-05-01 |
coppermine -- IP spoofing and XSS vulnerability |
| rsnapshot -- local privilege escalation |
| sharutils -- unshar insecure temporary file creation |
|