
Vulnerabilities

2007-01-17 joomla -- multiple remote vulnerabilities
2007-01-15 sircd -- remote reverse DNS buffer overflow
2007-01-15 sircd -- remote operator privilege escalation vulnerability
2007-01-12 cacti -- Multiple vulnerabilities
2007-01-08 mplayer -- buffer overflow in the code for RealMedia RTSP streams
2007-01-06 fetchmail -- crashes when refusing a message bound for an MDA
2007-01-06 fetchmail -- TLS enforcement problem/MITM attack/password exposure
2007-01-05 opera -- multiple vulnerabilities
2007-01-05 drupal -- multiple vulnerabilities
2007-01-03 w3m -- format string vulnerability
2006-12-27 plone -- user can masquerade as a group
2006-12-21 proftpd -- remote code execution vulnerabilities
2006-12-19 gzip -- multiple vulnerabilities
2006-12-19 bind9 -- Denial of Service in named(8)
2006-12-19 openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)
2006-12-18 sql-ledger -- multiple vulnerabilities
2006-12-14 dbus -- match_rule_equal() Weakness
2006-12-14 evince -- Buffer Overflow Vulnerability
2006-12-13 tdiary -- injection vulnerability
2006-12-13 wv -- Multiple Integer Overflow Vulnerabilities
2006-12-13 wv2 -- Integer Overflow Vulnerability
2006-12-11 tnftpd -- Remote root Exploit
2006-12-07 libxine -- multiple buffer overflow vulnerabilities
2006-12-07 gnupg -- remotely controllable function pointer
2006-12-04 ruby -- cgi.rb library Denial of Service
2006-12-02 libmusicbrainz -- multiple buffer overflow vulnerabilities
2006-12-02 tdiary -- cross site scripting vulnerability
2006-12-02 ImageMagick -- SGI Image File heap overflow vulnerability
2006-11-30 gtar -- GNUTYPE_NAMES directory traversal vulnerability
2006-11-30 kronolith -- arbitrary local file inclusion vulnerability
2006-11-27 gnupg -- buffer overflow
2006-11-14 proftpd -- Remote Code Execution Vulnerability
2006-11-14 unzoo -- Directory Traversal Vulnerability
2006-11-11 bugzilla -- multiple vulnerabilities
2006-11-08 Imlib2 -- multiple image file processing vulnerabilities
2006-11-04 ruby -- cgi.rb library Denial of Service
2006-10-29 screen -- combined UTF-8 characters vulnerability
2006-10-29 mysql -- database suid privilege escalation
2006-10-29 mysql -- database "case-sensitive" privilege escalation
2006-10-22 kdelibs -- integer overflow in khtml
2006-10-21 Serendipity -- XSS Vulnerabilities
2006-10-20 opera -- URL parsing heap overflow vulnerability
2006-10-20 asterisk -- remote heap overwrite vulnerability
2006-10-19 plone -- unprotected MembershipTool methods
2006-10-18 drupal -- HTML attribute injection
2006-10-18 drupal -- cross site request forgeries
2006-10-18 drupal -- multiple XSS vulnerabilities
2006-10-18 ingo -- local arbitrary shell command execution
2006-10-16 nvidia-driver -- arbitrary root code execution vulnerability
2006-10-16 clamav -- CHM unpacker and PE rebuilding vulnerabilities
2006-10-15 tkdiff -- temporary file symlink privilege escalation
2006-10-15 vtiger -- multiple remote file inclusion vulnerabilities
2006-10-14 google-earth -- heap overflow in the KML engine
2006-10-12 clamav -- Multipart Nestings Denial of Service
2006-10-07 torrentflux -- User-Agent XSS Vulnerability
2006-10-07 python -- buffer overrun in repr() for unicode strings
2006-10-06 php -- _ecalloc Integer Overflow Vulnerability
2006-10-05 mambo -- multiple SQL injection vulnerabilities
2006-10-05 tin -- buffer overflow vulnerabilities
2006-10-05 openldap -- slapd acl selfwrite Security Issue
2006-10-05 mono -- "System.CodeDom.Compiler" Insecure Temporary Creation
2006-10-05 php -- open_basedir Race Condition Vulnerability
2006-10-04 phpbb -- NULL byte injection vulnerability
2006-10-03 postnuke -- admin section SQL injection
2006-10-02 freetype -- LWFN Files Buffer Overflow Vulnerability
2006-10-02 cscope -- Buffer Overflow Vulnerabilities
2006-10-02 gnutls -- RSA Signature Forgery Vulnerability
2006-10-02 MT -- Search Unspecified XSS
2006-10-02 phpmyadmin -- XSRF vulnerabilities
2006-09-30 openssh -- multiple vulnerabilities
2006-09-30 dokuwiki -- multiple vulnerabilities
2006-09-30 dokuwiki -- multiple vulnerabilities
2006-09-30 tikiwiki -- multiple vulnerabilities
2006-09-30 punbb -- NULL byte injection vulnerability
2006-09-26 freeciv -- Denial of Service Vulnerabilities
2006-09-26 freeciv -- Packet Parsing Denial of Service Vulnerability
2006-09-26 plans -- multiple vulnerabilities
2006-09-25 eyeOS -- multiple XSS security bugs
2006-09-22 zope -- restructuredText "csv_table" Information Disclosure
2006-09-22 libmms -- stack-based buffer overflow
2006-09-22 opera -- RSA Signature Forgery
2006-09-15 mozilla -- multiple vulnerabilities
2006-09-14 win32-codecs -- multiple vulnerabilities
2006-09-13 php -- multiple vulnerabilities
2006-09-13 drupal-pubcookie -- authentication may be bypassed
2006-09-12 linux-flashplugin7 -- arbitrary code execution vulnerabilities
2006-09-04 mailman -- Multiple Vulnerabilities
2006-09-02 hlstats -- multiple cross site scripting vulnerabilities
2006-09-02 gtetrinet -- remote code execution
2006-08-30 joomla -- multiple vulnerabilities
2006-08-23 sppp -- buffer overflow vulnerability
2006-08-17 horde -- Phishing and Cross-Site Scripting Vulnerabilities
2006-08-15 globus -- Multiple tmpfile races
2006-08-13 x11vnc -- authentication bypass vulnerability
2006-08-13 alsaplayer -- multiple vulnerabilities
2006-08-13 postgresql -- encoding based SQL injection
2006-08-13 postgresql -- multiple vulnerabilities
2006-08-13 mysql -- format string vulnerability
2006-08-12 squirrelmail -- random variable overwrite vulnerability
2006-08-10 rubygem-rails -- evaluation of ruby code
2006-08-08 clamav -- heap overflow vulnerability
2006-08-02 drupal -- XSS vulnerability
2006-08-02 gnupg -- 2 more possible memory allocation attacks
2006-07-29 ruby -- multiple vulnerabilities
2006-07-28 apache -- mod_rewrite buffer overflow vulnerability
2006-07-27 mozilla -- multiple vulnerabilities
2006-07-14 zope -- information disclosure vulnerability
2006-07-13 drupal -- multiple vulnerabilities
2006-07-11 shoutcast -- cross-site scripting, information exposure
2006-07-10 samba -- memory exhaustion DoS in smbd
2006-07-10 twiki -- multiple file extensions file upload vulnerability
2006-07-07 trac -- reStructuredText breach of privacy and denial of service vulnerability
2006-07-05 horde -- various problems in dereferrer
2006-07-05 mambo -- SQL injection vulnerabilities
2006-07-03 phpmyadmin -- cross site scripting vulnerability
2006-07-02 webmin, usermin -- arbitrary file disclosure vulnerability
2006-06-30 mutt -- Remote Buffer Overflow Vulnerability
2006-06-30 Joomla -- multiple vulnerabilities
2006-06-27 hashcash -- heap overflow vulnerability
2006-06-25 gnupg -- user id integer overflow vulnerability
2006-06-17 horde -- multiple parameter cross site scripting vulnerabilities
2006-06-16 webcalendar -- information disclosure vulnerability
2006-06-14 sendmail -- Incorrect multipart message handling
2006-06-11 dokuwiki -- multiple vulnerabilities
2006-06-11 libxine -- buffer overflow vulnerability
2006-06-09 smbfs -- chroot escape
2006-06-09 ypserv -- Inoperative access controls in ypserv
2006-06-08 freeradius -- multiple vulnerabilities
2006-06-08 freeradius -- authentication bypass vulnerability
2006-06-05 squirrelmail -- plugin.php local file inclusion vulnerability
2006-06-05 dokuwiki -- spellchecker remote PHP code execution
2006-06-05 drupal -- multiple vulnerabilities
2006-06-01 MySQL -- SQL-injection security vulnerability
2006-06-01 MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities
2006-05-23 frontpage -- cross site scripting vulnerability
2006-05-23 cscope -- buffer overflow vulnerabilities
2006-05-22 coppermine -- Multiple File Extensions Vulnerability
2006-05-22 coppermine -- "file" Local File Inclusion Vulnerability
2006-05-22 coppermine -- File Inclusion Vulnerabilities
2006-05-21 phpmyadmin -- XSRF vulnerabilities
2006-05-18 vnc -- authentication bypass vulnerability
2006-05-14 phpldapadmin -- Cross-Site Scripting and Script Insertion vulnerabilities
2006-05-06 fswiki -- XSS vulnerability
2006-05-06 mysql50-server -- COM_TABLE_DUMP arbitrary code execution
2006-05-05 awstats -- arbitrary command execution vulnerability
2006-05-03 phpwebftp -- "language" Local File Inclusion
2006-05-03 firefox -- denial of service vulnerability
2006-05-03 clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability
2006-05-02 trac -- Wiki Macro Script Insertion Vulnerability
2006-05-01 jabberd -- SASL Negotiation Denial of Service Vulnerability
2006-04-27 cacti -- ADOdb "server.php" Insecure Test Script Security Issue
2006-04-27 amaya -- Attribute Value Buffer Overflow Vulnerabilities
2006-04-27 lifetype -- ADOdb "server.php" Insecure Test Script Security Issue
2006-04-27 ethereal -- Multiple Protocol Dissector Vulnerabilities
2006-04-25 asterisk -- denial of service vulnerability, local system access
2006-04-23 zgv, xzgv -- heap overflow vulnerability
2006-04-23 crossfire-server -- denial of service and remote code execution vulnerability
2006-04-23 p5-DBI -- insecure temporary file creation vulnerability
2006-04-23 wordpress -- full path disclosure
2006-04-23 xine -- multiple remote string vulnerabilities
2006-04-22 cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service
2006-04-19 FreeBSD -- FPU information disclosure
2006-04-18 plone -- "member_id" Parameter Portrait Manipulation Vulnerability
2006-04-16 mozilla -- multiple vulnerabilities
2006-04-16 mailman -- Private Archive Script Cross-Site Scripting
2006-04-10 f2c -- insecure temporary files
2006-04-07 mplayer -- Multiple integer overflows
2006-04-07 kaffeine -- buffer overflow vulnerability
2006-04-07 thunderbird -- javascript execution
2006-04-06 phpmyadmin -- XSS vulnerabilities
2006-04-06 phpmyadmin -- 'set_theme' Cross-Site Scripting
2006-04-06 clamav -- Multiple Vulnerabilities
2006-04-05 mediawiki -- hardcoded placeholder string security bypass vulnerability
2006-04-05 netpbm -- buffer overflow in pnmtopng
2006-04-05 zoo -- stack based buffer overflow
2006-04-05 mediawiki -- cross site scripting vulnerability
2006-04-05 dia -- XFig Import Plugin Buffer Overflow
2006-04-05 openvpn -- LD_PRELOAD code execution on client through malicious or compromised server
2006-04-05 samba -- Exposure of machine account credentials in winbind log files
2006-04-05 mod_pubcookie -- cross site scripting vulnerability
2006-04-05 pubcookie-login-server -- cross site scripting vulnerability
2006-03-29 freeradius -- EAP-MSCHAPv2 Authentication Bypass
2006-03-28 horde -- remote code execution vulnerability in the help viewer
2006-03-27 linux-realplayer -- buffer overrun
2006-03-27 linux-realplayer -- heap overflow
2006-03-24 sendmail -- race condition vulnerability
2006-03-24 OPIE -- arbitrary password change
2006-03-24 ipsec -- reply attack vulnerability
2006-03-21 xorg-server -- privilege escalation
2006-03-20 heimdal -- Multiple vulnerabilities
2006-03-20 curl -- TFTP packet buffer overflow vulnerability
2006-03-17 drupal -- multiple vulnerabilities
2006-03-15 horde -- "url" disclosure of sensitive information vulnerability
2006-03-15 linux-flashplugin -- arbitrary code execution vulnerability
2006-03-12 nfs -- remote denial of service
2006-03-12 openssh -- remote denial of service
2006-03-10 GnuPG does not detect injection of unsigned data
2006-03-09 mplayer -- heap overflow in the ASF demuxer
2006-03-04 SSH.COM SFTP server -- format string vulnerability
2006-03-03 gtar -- invalid headers buffer overflow
2006-02-27 bugzilla -- multiple vulnerabilities
2006-02-24 squirrelmail -- multiple vulnerabilities
2006-02-20 gedit -- format string vulnerability
2006-02-20 WebCalendar -- unauthorized access vulnerability
2006-02-20 abiword, koffice -- stack based buffer overflow vulnerabilities
2006-02-18 postgresql81-server -- SET ROLE privilege escalation
2006-02-17 gnupg -- false positive signature verification
2006-02-16 rssh -- privilege escalation vulnerability
2006-02-16 tor -- malicious tor server can locate a hidden service
2006-02-16 sudo -- arbitrary command execution
2006-02-16 libtomcrypt -- weak signature scheme with ECC keys
2006-02-16 mantis -- "view_filters_page.php" cross site scripting vulnerability
2006-02-16 phpbb -- multiple vulnerabilities
2006-02-16 postgresql -- character conversion and tsearch2 vulnerabilities
2006-02-16 heartbeat -- insecure temporary file creation vulnerability
2006-02-15 kpdf -- heap based buffer overflow
2006-02-15 perl, webmin, usermin -- perl format string integer wrap vulnerability
2006-02-15 phpicalendar -- cross site scripting vulnerability
2006-02-15 phpicalendar -- file disclosure vulnerability
2006-02-14 FreeBSD -- Infinite loop in SACK handling
2006-02-14 pf -- IP fragment handling panic
2006-02-14 FreeBSD -- Local kernel memory disclosure
2006-02-14 IEEE 802.11 -- buffer overflow
2006-02-14 ipfw -- IP fragment denial of service
2006-02-07 kpopup -- local root exploit and local denial of service
2006-01-27 cpio -- multiple vulnerabilities
2006-01-27 ee -- temporary file privilege escalation
2006-01-27 texindex -- temporary file privilege escalation
2006-01-27 cvsbug -- race condition
2006-01-23 sge -- local root exploit in bundled rsh executable
2006-01-23 fetchmail -- crash when bouncing a message
2006-01-10 clamav -- possible heap overflow in the UPX code
2006-01-09 milter-bogom -- headerless message crash
2006-01-07 bogofilter -- heap corruption through excessively long words
2006-01-07 bogofilter -- heap corruption through malformed input
2006-01-04 rxvt-unicode -- restore permissions on tty devices
2006-01-01 apache -- mod_imap cross-site scripting flaw
2005-12-22 nbd-server -- buffer overflow vulnerability
2005-12-22 scponly -- local privilege escalation exploits
2005-12-19 fetchmail -- null pointer dereference in multidrop mode with headerless email
2005-12-14 mantis -- "t_core_path" file inclusion vulnerability
2005-12-14 mantis -- "view_filters_page.php" cross-site scripting vulnerability
2005-12-11 mnemo -- Cross site scripting vulnerabilities in several of the notepad name and note data fields
2005-12-11 nag -- Cross site scripting vulnerabilities in several of the tasklist name and task data fields
2005-12-11 turba -- Cross site scripting vulnerabilities in several of the address book name and contact data fields
2005-12-11 kronolith -- Cross site scripting vulnerabilities in several of the calendar name and event data fields
2005-12-11 horde -- Cross site scripting vulnerabilities in several of Horde's templates
2005-12-09 curl -- URL buffer overflow vulnerability
2005-12-07 phpmyadmin -- register_globals emulation "import_blacklist" manipulation
2005-12-07 phpmyadmin -- XSS vulnerabilities
2005-12-07 ffmpeg -- libavcodec buffer overflow vulnerability
2005-12-07 trac -- search module SQL injection vulnerability
2005-12-01 drupal -- multiple vulnerabilities
2005-11-30 opera -- multiple vulnerabilities
2005-11-30 opera -- command line URL shell command injection
2005-11-30 mambo -- "register_globals" emulation layer overwrite vulnerability
2005-11-27 ghostscript -- insecure temporary file creation vulnerability
2005-11-22 horde -- Cross site scripting vulnerabilities in MIME viewers
2005-11-16 phpmyadmin -- HTTP Response Splitting vulnerability
2005-11-13 phpSysInfo -- "register_globals" emulation layer overwrite vulnerability
2005-11-13 Macromedia flash player -- swf file handling arbitrary code
2005-11-10 flyspray -- cross-site scripting vulnerabilities
2005-11-10 p5-Mail-SpamAssassin -- long message header denial of service
2005-11-07 qpopper -- multiple privilege escalation vulnerabilities
2005-11-04 pear-PEAR -- PEAR installer arbitrary code execution vulnerability
2005-11-01 openvpn -- potential denial-of-service on servers in TCP mode
2005-11-01 openvpn -- arbitrary code execution on client through malicious or compromised server
2005-11-01 PHP -- multiple vulnerabilities
2005-11-01 skype -- multiple buffer overflow vulnerabilities
2005-11-01 squid -- FTP server response handling denial of service
2005-10-31 base -- PHP SQL injection vulnerability
2005-10-30 fetchmail -- fetchmailconf local password exposure
2005-10-30 lynx -- remote buffer overflow
2005-10-27 ruby -- vulnerability in the safe level settings
2005-10-20 xloadimage -- buffer overflows in NIFF image title handling
2005-10-18 snort -- Back Orifice preprocessor buffer overflow vulnerability
2005-10-15 webcalendar -- remote file inclusion vulnerability
2005-10-15 gallery2 -- file disclosure vulnerability
2005-10-12 openssl -- potential SSL 2.0 rollback
2005-10-11 phpmyadmin -- local file inclusion vulnerability
2005-10-11 zope -- expose RestructuredText functionality to untrusted users
2005-10-09 libxine -- format string vulnerability
2005-10-05 imap-uw -- mailbox name handling remote buffer vulnerability
2005-10-02 weex -- remote format string vulnerability
2005-10-02 picasm -- buffer overflow vulnerability
2005-10-01 uim -- privilege escalation vulnerability
2005-10-01 cfengine -- arbitrary file overwriting vulnerability
2005-09-29 phpmyfaq -- SQL injection, takeover, path disclosure, remote code execution
2005-09-24 clamav -- arbitrary code execution and DoS vulnerabilities
2005-09-23 firefox & mozilla -- multiple vulnerabilities
2005-09-22 firefox & mozilla -- command line URL shell command injection
2005-09-17 apache -- Certificate Revocation List (CRL) off-by-one vulnerability
2005-09-17 squirrelmail -- _$POST variable handling allows for various attacks
2005-09-15 X11 server -- pixmap allocation vulnerability
2005-09-15 squid -- possible denial of service condition regarding NTLM authentication
2005-09-13 unzip -- permission race vulnerability
2005-09-10 firefox & mozilla -- buffer overflow vulnerability
2005-09-04 htdig -- cross site scripting vulnerability
2005-09-04 squid -- Denial Of Service Vulnerability in sslConnectTimeout
2005-09-04 squid -- Possible Denial Of Service Vulnerability in store.c
2005-09-03 bind9 -- denial of service
2005-09-03 bind -- buffer overrun vulnerability
2005-09-02 urban -- stack overflow vulnerabilities
2005-08-29 fswiki -- command injection vulnerability
2005-08-27 evolution -- remote format string vulnerabilities
2005-08-27 pam_ldap -- authentication bypass vulnerability
2005-08-26 pcre -- regular expression buffer overflow
2005-08-23 elm -- remote buffer overflow in Expires header
2005-08-19 openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server
2005-08-19 openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory
2005-08-19 openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients
2005-08-19 openvpn -- denial of service: client certificate validation can disconnect unrelated clients
2005-08-17 tor -- diffie-hellman handshake flaw
2005-08-16 acroread -- plug-in buffer overflow vulnerability
2005-08-15 pear-XML_RPC -- remote PHP code injection vulnerability
2005-08-14 awstats -- arbitrary code execution vulnerability
2005-08-12 libgadu -- multiple vulnerabilities
2005-08-12 gaim -- AIM/ICQ non-UTF-8 filename crash
2005-08-12 gaim -- AIM/ICQ away message buffer overflow
2005-08-12 xpdf -- disk fill DoS vulnerability
2005-08-09 gforge -- XSS and email flood vulnerabilities
2005-08-08 postnuke -- multiple vulnerabilities
2005-08-05 mambo -- multiple vulnerabilities
2005-08-05 ipsec -- Incorrect key usage in AES-XCBC-MAC
2005-08-05 zlib -- buffer overflow vulnerability
2005-08-05 devfs -- ruleset bypass
2005-08-03 proftpd -- format string vulnerabilities
2005-08-01 nbsmtp -- format string vulnerability
2005-07-31 sylpheed -- MIME-encoded file name buffer overflow vulnerability
2005-07-31 phpmyadmin -- cross site scripting vulnerability
2005-07-31 gnupg -- OpenPGP symmetric encryption vulnerability
2005-07-31 vim -- vulnerabilities in modeline handling: glob, expand
2005-07-30 tiff -- buffer overflow vulnerability
2005-07-30 opera -- image dragging vulnerability
2005-07-30 opera -- download dialog spoofing vulnerability
2005-07-30 ethereal -- multiple protocol dissectors vulnerabilities
2005-07-30 jabberd -- 3 buffer overflows
2005-07-26 apache -- http request smuggling
2005-07-25 clamav -- multiple remote buffer overflows
2005-07-23 isc-dhcpd -- format string vulnerabilities
2005-07-23 egroupware -- multiple cross-site scripting (XSS) and SQL injection vulnerabilities
2005-07-22 fetchmail -- denial of service/crash from malicious POP3 server
2005-07-21 dnrd -- remote buffer and stack overflow vulnerabilities
2005-07-21 PowerDNS -- LDAP backend fails to escape all queries
2005-07-20 fetchmail -- remote root/code injection from malicious POP3 server
2005-07-18 kdebase -- Kate backup file permission leak
2005-07-16 firefox & mozilla -- multiple vulnerabilities
2005-07-16 drupal -- PHP code execution vulnerabilities
2005-07-09 phpSysInfo -- cross site scripting vulnerability
2005-07-09 mysql-server -- insecure temporary file creation
2005-07-09 net-snmp -- fixproc insecure temporary file creation
2005-07-09 phpbb -- multiple vulnerabilities
2005-07-09 shtool -- insecure temporary file creation
2005-07-08 phppgadmin -- "formLanguage" local file inclusion vulnerability
2005-07-08 pear-XML_RPC -- information disclosure vulnerabilities
2005-07-08 ekg -- insecure temporary file creation
2005-07-08 bugzilla -- multiple vulnerabilities
2005-07-08 nwclient -- multiple vulnerabilities
2005-07-06 acroread -- insecure temporary file creation
2005-07-06 clamav -- cabinet file handling DoS vulnerability
2005-07-06 clamav -- MS-Expand file handling DoS vulnerability
2005-07-06 zlib -- buffer overflow vulnerability
2005-07-06 acroread -- buffer overflow vulnerability
2005-07-05 net-snmp -- remote DoS vulnerability
2005-07-05 cacti -- multiple vulnerabilities
2005-07-05 wordpress -- multiple vulnerabilities
2005-07-05 wordpress -- multiple vulnerabilities
2005-07-03 phpbb -- remote PHP code execution vulnerability
2005-07-03 pear-XML_RPC -- arbitrary remote code execution
2005-06-29 kernel -- ipfw packet matching errors with address tables
2005-06-29 bzip2 -- denial of service and permission race vulnerabilities
2005-06-29 kernel -- TCP connection stall denial of service
2005-06-24 ethereal -- multiple protocol dissectors vulnerabilities
2005-06-24 tor -- information disclosure
2005-06-24 linux-realplayer -- RealText parsing heap overflow
2005-06-23 ruby -- arbitrary command execution on XMLRPC server
2005-06-21 cacti -- potential SQL injection and cross site scripting attacks
2005-06-20 opera -- XMLHttpRequest security bypass
2005-06-20 opera -- "javascript:" URL cross-site scripting vulnerability
2005-06-20 opera -- redirection cross-site scripting vulnerability
2005-06-20 sudo -- local race condition vulnerability
2005-06-20 trac -- file upload/download vulnerability
2005-06-20 razor-agents -- denial of service vulnerability
2005-06-18 p5-Mail-SpamAssassin -- denial of service vulnerability
2005-06-18 squirrelmail -- Several cross site scripting vulnerabilities
2005-06-18 acroread -- XML External Entity vulnerability
2005-06-18 gzip -- directory traversal and permission race vulnerabilities
2005-06-18 tcpdump -- infinite loops in protocol decoding
2005-06-17 gaim -- Yahoo! remote crash vulnerability
2005-06-17 gaim -- MSN Remote DoS vulnerability
2005-06-17 gallery -- remote code injection via HTTP_POST_VARS
2005-06-17 gallery -- cross-site scripting
2005-06-17 kstars -- exploitable set-user-ID application fliccd
2005-06-17 fd_set -- bitmap index overflow in multiple applications
2005-06-09 leafnode -- denial of service vulnerability
2005-06-03 gforge -- directory traversal vulnerability
2005-06-03 imap-uw -- authentication bypass when CRAM-MD5 is enabled
2005-06-03 squid -- denial-of-service vulnerabilities
2005-06-03 racoon -- remote denial-of-service
2005-06-03 xli -- integer overflows in image size calculations
2005-06-03 xloadimage -- arbitrary command execution when handling compressed files
2005-06-03 xloadimage -- buffer overflow in FACES image handling
2005-06-03 yamt -- buffer overflow and directory traversal issues
2005-06-01 xview -- multiple buffer overflows in xv_parse_one
2005-06-01 xtrlock -- X display locking bypass
2005-06-01 linux_base -- vulnerabilities in Red Hat 7.1 libraries
2005-06-01 squirrelmail -- XSS and remote code injection vulnerabilities
2005-06-01 sympa -- buffer overflow in "queue"
2005-06-01 mailman -- generated passwords are poor quality
2005-06-01 mailman -- password disclosure
2005-06-01 tomcat -- Tomcat Manager cross-site scripting
2005-05-29 fswiki -- XSS problem in file upload form
2005-05-22 freeradius -- sql injection and denial of service vulnerability
2005-05-22 ppxp -- local root exploit
2005-05-22 oops -- format string vulnerability
2005-05-19 cdrdao -- unspecified privilege escalation vulnerability
2005-05-19 squid -- possible abuse of cachemgr.cgi
2005-05-19 squid -- DNS lookup spoofing vulnerability
2005-05-14 gaim -- MSN remote DoS vulnerability
2005-05-14 gaim -- remote crash on some protocols
2005-05-13 kernel -- information disclosure when using HTT
2005-05-13 leafnode -- fetchnews denial-of-service triggered by transmission abort/timeout
2005-05-12 mozilla -- privilege escalation via non-DOM property overrides
2005-05-12 mozilla -- "Wrapped" javascript: urls bypass security checks
2005-05-11 mozilla -- code execution via javascript: IconURL vulnerability
2005-05-09 groff -- pic2graph and eqn2graph are vulnerable to symlink attack through temporary files
2005-05-09 groff -- groffer uses temporary files unsafely
2005-05-01 sharutils -- unshar insecure temporary file creation
2005-05-01 rsnapshot -- local privilege escalation
2005-05-01 coppermine -- IP spoofing and XSS vulnerability
2005-04-27 ImageMagick -- ReadPNMImage() heap overflow vulnerability
2005-04-25 mplayer & libxine -- MMS and Real RTSP buffer overflow vulnerabilities
2005-04-25 gaim -- AIM/ICQ remote denial of service vulnerability
2005-04-25 gaim -- remote DoS on receiving malformed HTML
2005-04-23 kdewebdev -- kommander untrusted code execution vulnerability
2005-04-22 junkbuster -- heap corruption vulnerability and configuration modification vulnerability
2005-04-22 kdelibs -- kimgio input validation errors
2005-04-19 gld -- format string and buffer overflow vulnerabilities
2005-04-17 axel -- remote buffer overflow
2005-04-16 firefox -- PLUGINSPAGE privileged javascript execution
2005-04-16 jdk -- jar directory traversal vulnerability
2005-04-16 mozilla -- privilege escalation via DOM property overrides
2005-04-16 mozilla -- code execution through javascript: favicons
2005-04-16 mozilla -- javascript "lambda" replace exposes memory contents
2005-04-16 firefox -- arbitrary code execution in sidebar panel
2005-04-13 openoffice -- DOC document heap overflow vulnerability
2005-04-12 portupgrade -- insecure temporary file handling vulnerability
2005-04-10 gaim -- jabber remote crash
2005-04-10 gaim -- remote DoS on receiving certain messages over IRC
2005-04-10 gaim -- remote DoS on receiving malformed HTML
2005-04-10 php -- readfile() DoS vulnerability
2005-04-10 squid -- DoS on failed PUT/POST requests vulnerability
2005-04-05 horde -- Horde Page Title Cross-Site Scripting Vulnerability
2005-04-04 wu-ftpd -- remote globbing DoS vulnerability
2005-04-02 hashcash -- format string vulnerability
2005-03-26 clamav -- zip handling DoS vulnerability
2005-03-24 wine -- information disclosure due to insecure temporary file handling
2005-03-24 firefox -- arbitrary code execution from sidebar panel
2005-03-24 mozilla -- heap buffer overflow in GIF image processing
2005-03-23 sylpheed -- buffer overflow in header processing
2005-03-21 xv -- filename handling format string vulnerability
2005-03-21 kdelibs -- local DCOP denial of service vulnerability
2005-03-15 phpmyadmin -- increased privilege vulnerability
2005-03-14 ethereal -- multiple protocol dissectors vulnerabilities
2005-03-14 grip -- CDDB response multiple matches buffer overflow vulnerability
2005-03-14 mysql-server -- multiple remote vulnerabilities
2005-03-13 rxvt-unicode -- buffer overflow vulnerability
2005-03-08 phpmyadmin -- information disclosure vulnerability
2005-03-08 phpmyadmin -- arbitrary file include and XSS vulnerabilities
2005-03-08 libexif -- buffer overflow vulnerability
2005-03-05 phpbb -- Insufficient check against HTML code in usercp_register.php
2005-03-04 postnuke -- SQL injection vulnerabilities
2005-03-04 postnuke -- cross-site scripting (XSS) vulnerabilities
2005-03-04 realplayer -- remote heap overflow
2005-03-03 ImageMagick -- format string vulnerability
2005-03-01 uim -- privilege escalation vulnerability
2005-03-01 lighttpd -- script source disclosure vulnerability
2005-02-28 phpbb -- privilege elevation and path disclosure
2005-02-27 curl -- authentication buffer overflow vulnerability
2005-02-27 cyrus-imapd -- multiple buffer overflow vulnerabilities
2005-02-27 sup -- format string vulnerability
2005-02-26 mozilla -- insecure temporary directory vulnerability
2005-02-26 mozilla -- arbitrary code execution vulnerability
2005-02-24 mkbold-mkitalic -- format string vulnerability
2005-02-23 phpbb -- multiple information disclosure vulnerabilities
2005-02-22 unace -- multiple vulnerabilities
2005-02-20 putty -- pscp/psftp heap corruption vulnerabilities
2005-02-18 kdelibs -- insecure temporary file creation
2005-02-18 bidwatcher -- format string vulnerability
2005-02-18 gftp -- directory traversal vulnerability
2005-02-18 opera -- "data:" URI handler spoofing vulnerability
2005-02-18 opera -- kfmclient exec command execution vulnerability
2005-02-17 postgresql -- multiple buffer overflows in PL/PgSQL parser
2005-02-16 awstats -- arbitrary command execution
2005-02-14 powerdns -- DoS vulnerability
2005-02-14 emacs -- movemail format string vulnerability
2005-02-13 ngircd -- format string vulnerability
2005-02-13 ngircd -- buffer overflow vulnerability
2005-02-13 mod_python -- information leakage vulnerability
2005-02-12 mailman -- directory traversal vulnerability
2005-02-11 enscript -- multiple vulnerabilities
2005-02-08 postgresql -- privilege escalation vulnerability
2005-02-08 ethereal -- multiple protocol dissectors vulnerabilities
2005-02-08 squid -- correct handling of oversized HTTP reply headers
2005-02-03 python -- SimpleXMLRPCServer.py allows unrestricted traversal
2005-02-02 perl -- vulnerabilities in PERLIO_DEBUG handling
2005-02-01 newsgrab -- insecure file and directory creation
2005-02-01 newsgrab -- directory traversal vulnerability
2005-02-01 newspost -- server response buffer overflow vulnerability
2005-02-01 newsfetch -- server response buffer overflow vulnerability
2005-01-28 squid -- buffer overflow in WCCP recvfrom() call
2005-01-26 xpdf -- makeFileKey2() buffer overflow vulnerability
2005-01-25 zhcon -- unauthorized file access
2005-01-25 evolution -- arbitrary code execution vulnerability
2005-01-24 mod_dosevasive -- insecure temporary file creation
2005-01-24 squid -- possible cache-poisoning via malformed HTTP responses
2005-01-24 bugzilla -- cross-site scripting vulnerability
2005-01-24 web browsers -- window injection vulnerabilities
2005-01-24 opera -- multiple vulnerabilities in Java implementation
2005-01-23 yamt -- arbitrary command execution vulnerability
2005-01-22 squid -- HTTP response splitting cache pollution attack
2005-01-22 horde -- XSS vulnerabilities
2005-01-21 mc -- multiple vulnerabilities
2005-01-21 perl -- File::Path insecure file/directory permissions
2005-01-21 sudo -- environmental variable CDPATH is not cleared
2005-01-21 fcron -- multiple vulnerabilities
2005-01-21 realplayer -- arbitrary file deletion and other vulnerabilities
2005-01-21 imlib -- xpm heap buffer overflows and integer overflows
2005-01-21 egroupware -- arbitrary file download in JiNN
2005-01-21 quake2 -- multiple critical vulnerabilities
2005-01-19 konversation -- shell script command injection
2005-01-19 squid -- no sanity check of usernames in squid_ldap_auth
2005-01-18 cups-base -- CUPS server remote DoS vulnerability
2005-01-18 tiff -- divide-by-zero denial-of-service
2005-01-18 zgv -- exploitable heap overflows
2005-01-18 mozilla -- insecure permissions for some downloaded files
2005-01-18 awstats -- remote command execution vulnerability
2005-01-18 ImageMagick -- PSD handler heap overflow vulnerability
2005-01-17 cups-lpr -- lppasswd multiple vulnerabilities
2005-01-17 cups-base -- HPGL buffer overflow vulnerability
2005-01-16 mysql-scripts -- mysqlaccess insecure temporary file creation
2005-01-16 unrtf -- buffer overflow vulnerability
2005-01-13 mozilla -- heap overflow in NNTP handler
2005-01-13 mpg123 -- buffer overflow vulnerability
2005-01-12 squid -- denial of service with forged WCCP messages
2005-01-12 squid -- buffer overflow vulnerability in gopherToHTML
2005-01-12 libxine -- DVD subpicture decoder heap overflow
2005-01-12 libxine -- multiple vulnerabilities in VideoCD handling
2005-01-12 libxine -- multiple buffer overflows in RTSP
2005-01-11 hylafax -- unauthorized login vulnerability
2005-01-11 xshisen -- local buffer overflows
2005-01-10 helvis -- arbitrary file deletion problem
2005-01-10 helvis -- information leak vulnerabilities
2005-01-08 dillo -- format string vulnerability
2005-01-07 tnftp -- mget does not check for directory escapes
2005-01-06 tiff -- tiffdump integer overflow vulnerability
2005-01-06 tiff -- directory entry count integer overflow vulnerability
2005-01-06 vim -- vulnerabilities in modeline handling
2005-01-06 pcal -- buffer overflow vulnerabilities
2005-01-05 exim -- two buffer overflow vulnerabilities
2005-01-03 mpg123 -- playlist processing buffer overflow vulnerability
2005-01-03 greed -- insecure GRX file processing
2005-01-03 golddig -- local buffer overflow vulnerabilities
2005-01-02 up-imapproxy -- multiple vulnerabilities
2005-01-01 kdelibs3 -- konqueror FTP command injection vulnerability
2004-12-30 a2ps -- insecure temporary file creation
2004-12-29 libxine -- buffer-overflow vulnerability in aiff support
2004-12-26 jabberd -- denial-of-service vulnerability
2004-12-23 squid -- confusing results on empty acl declarations
2004-12-23 ethereal -- multiple vulnerabilities
2004-12-23 xpdf -- buffer overflow vulnerability
2004-12-22 phpbb -- arbitrary command execution and other vulnerabilities
2004-12-21 acroread5 -- mailListIsPdf() buffer overflow vulnerability
2004-12-21 ecartis -- unauthorised access to admin interface
2004-12-21 mplayer -- multiple vulnerabilities
2004-12-21 krb5 -- heap buffer overflow vulnerability in libkadm5srv
2004-12-21 samba -- integer overflow vulnerability
2004-12-17 php -- multiple vulnerabilities
2004-12-16 mysql -- GRANT access restriction problem
2004-12-16 mysql -- ALTER MERGE denial of service vulnerability
2004-12-16 mysql -- FTS request denial of service vulnerability
2004-12-16 mysql -- mysql_real_connect buffer overflow vulnerability
2004-12-16 mysql -- erroneous access restrictions applied to table renames
2004-12-15 phpmyadmin -- command execution vulnerability
2004-12-15 phpmyadmin -- file disclosure vulnerability
2004-12-14 wget -- multiple vulnerabilities
2004-12-12 konqueror -- Password Disclosure for SMB Shares
2004-12-11 mod_access_referer -- null pointer dereference vulnerability
2004-12-09 squid -- possible information disclosure
2004-12-08 viewcvs -- information leakage
2004-12-07 cscope -- symlink attack vulnerability
2004-12-04 bnc -- remotely exploitable buffer overflow in getnickuserhost
2004-12-02 rssh & scponly -- arbitrary command execution
2004-12-02 rockdodger -- buffer overflows
2004-12-01 zip -- long path buffer overflow
2004-12-01 sudoscript -- signal delivery vulnerability
2004-11-30 jabberd -- remote buffer overflow vulnerability
2004-11-27 Open DC Hub -- remote buffer overflow vulnerability
2004-11-26 unarj -- long filename buffer overflow
2004-11-26 unarj -- directory traversal vulnerability
2004-11-25 jdk/jre -- Security Vulnerability With Java Plugin
2004-11-25 ProZilla -- server response buffer overflow vulnerabilities
2004-11-22 Cyrus IMAPd -- APPEND command uses undefined programming construct
2004-11-22 Cyrus IMAPd -- FETCH command out of bounds memory corruption
2004-11-22 Cyrus IMAPd -- PARTIAL command out of bounds memory corruption
2004-11-22 Cyrus IMAPd -- IMAPMAGICPLUS preauthentification overflow
2004-11-20 phpMyAdmin -- cross-site scripting vulnerabilities
2004-11-18 Overflow error in fetch
2004-11-17 smbd -- buffer-overrun vulnerability
2004-11-15 twiki -- arbitrary shell command execution
2004-11-15 proxytunnel -- format string vulnerability
2004-11-13 sudo -- privilege escalation with bash scripts
2004-11-13 ruby -- CGI DoS
2004-11-12 samba -- potential remote DoS vulnerability
2004-11-12 gnats -- format string vulnerability
2004-11-12 squirrelmail -- cross site scripting vulnerability
2004-11-11 hafiye -- lack of terminal escape sequence filtering
2004-11-11 ez-ipupdate -- format string vulnerability
2004-11-11 ImageMagick -- EXIF parser buffer overflow
2004-11-10 apache2 multiple space header denial-of-service vulnerability
2004-11-10 socat -- format string vulnerability
2004-11-09 libxml -- remote buffer overflows
2004-11-08 p5-Archive-Zip -- virus detection evasion
2004-11-06 apache mod_include buffer overflow vulnerability
2004-11-06 postgresql-contrib -- insecure temporary file creation
2004-11-05 gd -- integer overflow
2004-11-04 putty -- buffer overflow vulnerability in ssh2 support
2004-11-03 wzdftpd -- remote DoS
2004-10-27 horde -- cross-site scripting vulnerability in help window
2004-10-26 bogofilter -- RFC 2047 decoder denial-of-service vulnerability
2004-10-25 rssh -- format string vulnerability
2004-10-25 xpdf -- integer overflow vulnerabilities
2004-10-25 gaim -- MSN denial-of-service vulnerabilities
2004-10-25 gaim -- Content-Length header denial-of-service vulnerability
2004-10-25 gaim -- multiple buffer overflows
2004-10-25 gaim -- heap overflow exploitable by malicious GroupWise server
2004-10-25 gaim -- malicious smiley themes
2004-10-25 gaim -- buffer overflow in MSN protocol support
2004-10-23 mod_ssl -- SSLCipherSuite bypass
2004-10-23 mpg123 -- buffer overflow in URL handling
2004-10-21 apache2 -- SSL remote DoS
2004-10-20 phpmyadmin -- remote command execution vulnerability
2004-10-20 cabextract -- insecure directory handling
2004-10-20 a2ps -- insecure command line argument handling
2004-10-19 ifmail -- unsafe set-user-ID application
2004-10-19 imwheel -- insecure handling of PID file
2004-10-17 cacti -- SQL injection
2004-10-17 apache13-modssl -- format string vulnerability in proxy support
2004-10-15 tor -- remote DoS and loss of anonymity
2004-10-13 icecast -- Cross-Site Scripting Vulnerability
2004-10-13 icecast -- HTTP header overflow
2004-10-13 freeradius -- denial-of-service vulnerability
2004-10-13 xerces-c2 -- Attribute blowup denial-of-service
2004-10-13 wordpress -- XSS in administration panel
2004-10-13 tiff -- multiple integer overflows
2004-10-13 CUPS -- local information disclosure
2004-10-13 tiff -- RLE decoder heap overflows
2004-10-13 sharutils -- buffer overflows
2004-10-12 zinf -- potential buffer overflow playlist support
2004-10-12 mail-notification -- denial-of-service vulnerability
2004-10-12 squid -- SNMP module denial-of-service vulnerability
2004-10-12 cyrus-sasl -- potential buffer overflow in DIGEST-MD5 plugin
2004-10-08 cyrus-sasl -- dynamic library loading and set-user-ID applications
2004-10-05 imp3 -- XSS hole in the HTML viewer
2004-10-05 bmon -- unsafe set-user-ID application
2004-10-05 gnutls -- certificate chain verification DoS
2004-10-05 php -- php_variables memory disclosure