
Exploits, bugs and info

Browse by Operating System

Older bugs AIX *BSD* Digital HPUX IRIX
Linux Most UNIXes Win NT Other Systems SCO SunOS & Solaris

mirrored from Security Bugware
What's new

Macromedia Flash Ads clickTAG - Other - Macromedia Flash ad user tracking field xss and session retrieval (Apr 16)
Instaboard - Other - Instaboard SQL injection (Apr 16)
FipsGuestbook - Other - FipsGuestbook script injection (Apr 16)
Progress Database - Other - Progress Database unchecked buffer in BINPATHX leads to overflow (Apr 16)
win2k.sys - NT - Windows 2003 win2k.sys vulnerability (Apr 16)
Netgear - Other - Netgear routers logging vulnerability (Apr 16)
Ez Publish - Other - Ez publish info & path disclosure and XSS (Apr 16)
eog - Other - Eye of GNOME (EOG) arbitrary code execution (Apr 16)
snort - Other - Snort TCP Stream Reassembly Integer Overflow Vulnerability (Apr 16)
NB 1300 modem/router - Other - NB 1300 modem/router password remotely accessible (Apr 16)
ps2epsi - Other - ps2epsi insecure temporary file creation (Apr 16)
gtkHTML - Other - gtkHTML mishandling of malformed messages (Apr 16)
ActivCard - Other - ActivCard password cache memory leakage (Apr 16)
SheerDNS - Other - SheerDNS Buffer Overflow and Directory Traversal (Apr 16)
lprng - mUNIXes - lprng insecure temporary file creation (Apr 16)
veritas backupExec - NT - Veritas BackupExec 9.0 is vulnerable to Slammer worm (Apr 16)
kernel - Linux - Linux local root exploit via ptrace (Mar 17)
DirectoryService - MacOS - DirectoryService privilege escalation and DoS attack (Apr 14)
Gaim-Encryption Plugin - Other - Gaim-Encryption Plugin heap corruption (Apr 14)
FileMaker Pro - Other - FileMaker Pro remote password retrieval (Apr 14)
Ocean12 Guestbook - Other - Ocean12 ASP Guestbook script injection (Apr 14)
Linksys BEFVP41 - Other - Linksys BEFVP41 VPN router information leakage (Apr 14)
MailMax - Other - MailMax Buffer Overflow (potential DoS) (Apr 14)
Progress Database - Other - Progress Database poor bounds checking (local root compromise) (Apr 14)
Oracle - Other - Oracle E-Business Suite FNDFS remote file retrieval (Apr 14)
xfsdump - mUNIXes - xfsdump insecure file creation (Apr 14)
Apache - Other - Apache HTTP Server Denial of Service (Apr 9)
xfsdump - IRIX - xfsdump insecure file creation (Apr 11)
Microsoft VM - NT - Microsoft Virtual Machine Bytecode Verifier Vulnerability (Apr 11)
KDE - Linux - KDE arbitrary code execution using ghostscript (Apr 11)
phPay - Other - phPay XSS, path disclosure, phpinfo() (Apr 10)
ISC guestbook - Other - ISC guestbook script injection vulnerability (Apr 10)
Hyperion FTP Server - NT - Hyperion FTP Server Buffer Overflow (DoS & remote access) (Apr 10)
seti@home - Other - seti@home client & server Information leakage and remotely exploitable buffer overflow (Apr 10)
Microsoft Proxy Server / Internet Security and Acceleration Server - NT - Microsoft Proxy Server and Internet Security and Acceleration Server DoS (Apr 10)
heimdal - mUNIXes - heimdal Cryptographic weakness (Apr 10)
Portable Executable (PE) File Format For Win32 - NT - Portable Executable (PE) File Format For Win32 analysis and vulnerabilities (Apr 10)
PoPToP PPTP server - mUNIXes - PoPToP PPTP server remote buffer overflow (Apr 10)
samba - mUNIXes - Samba remote buffer overflow (Apr 7)
AMaViS-ng - mUNIXes - AMaViS-ng possible open relay and mail loss (Apr 9)
Orplex - Other - Orplex guestbook script injection (Apr 9)
mIRC - NT - mIRC dcc filename spoofing (Apr 9)
Opera - Other - Opera Buffer Overflow (Apr 9)
mgetty - Linux - mgetty buffer overflow and permissions problem (Apr 9)
JpegX - Other - JpegX password bypass (Apr 8)
Vignette Story Server - Other - Vignette Story Server sensitive information leakage (Apr 8)
Coppermine Photo Gallery - Other - Coppermine Photo Gallery remote command execution (Apr 8)
metrics - mUNIXes - metrics insecure temporary file creation (Apr 8)
Lotus Notes - Other - Java Agent freezes Lotus Notes and Domino 6.0.1 (Apr 7)
Usbview - Linux - Usbview exploit (Apr 6)
D-Link Modem/Router - Other - D-Link Broadband Modem/Router (Apr 6)
RealPlayer - Other - RealPlayer PNG deflate heap corruption vulnerability (Apr 6)
QuickTime - NT - Buffer Overflow in Windows QuickTime Player (Apr 6)
IkonBoard - Other - IkonBoard arbitrary command execution (Apr 6)
Netgear FM114P - Other - Netgear FM114P ProSafe Wireless Router upnp hole (Apr 6)
OsCommerce - Other - OsCommerce CVS Security Analysis (Apr 6)
openssl - Other - openssl timing attack to obtain plaintext of SSL/TLS communication (Feb 20)
OpenSSL - Other - OpenSSL and other crypto library timing attack vulnerability (Mar 15)
Sambar - Other - Sambar Server buffer overflow and sample cgi / script vulnerabilities (Apr 6)
kernel - NT - Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability (Apr 6)
passlogd - Other - passlogd sniffer remote buffer overflow root exploit (Apr 6)
kernel - mUNIXes - Syscall implementation could reveal whether or not a file exists (Apr 6)
EZ Server - Other - Remote Denial of Service Vulnerability in EZ Server (Apr 6)
XMB Forum - Other - XMB Forum XSS (Apr 6)
Sendmail - Other - Sendmail remote heap overflow in address parser code (Apr 6)
Ceilidh - Other - Cross Site Scripting vulnerability in Ceilidh testcgi.exe (Apr 6)
Browsers - Other - Java and Javascript script executions and DoS in Netscape and Opera (Apr 6)
Verity - Other - XSS Bug In Verity Information Server (Apr 6)
- none - - Other - SBW team takes some time off - news will get updated, but at a slower rate - (Mar 29)
JWALK - NT - JWALK application server Directory Traversal Vulnerability (Mar 26)
Emule - NT - Emule 0.27b remote crash (Mar 26)
Axis - Other - Axis Video and Camera Servers system log & file access/overwrite via HTTP/CGI (Mar 26)
Symantec - NT - Symantec Enterprise Firewall (SEF) HTTP URL pattern evasion issue (Mar 26)
Adobe Acrobat - Other - Digital signature for Adobe Acrobat/Reader plug-in can be forged (Mar 26)
PHP - Other - PHP Integer overflow in socket_iovec_alloc() function and memory allocator (Mar 26)
MAILsweeper - NT - MAILsweeper MIME attachment evasion (Mar 9)
kernel - NT - IIS remote buffer overflow due to WebDAV/ntdll.dll (Mar 18)
PHP-Arena - Other - PHP-Arena XSS (Mar 26)
Verity - Other - Verity Information Server XSS (Mar 26)
3com - Other - 3com Remote vulnerabilities (Mar 24)
PHP Arena - Other - paFileDB SQL Injection Vulnerability (Mar 24)
Check Point - mUNIXes - Check Point DoS attack against syslog daemon (Mar 22)
ActiveSync - NT - ActiveSync DoS (Mar 22)
PHP-Nuke - Other - PHP-Nuke SQL Injection (Mar 22)
kernel - NT - NT Service Killer (Mar 22)
PostNuke - Other - PostNuke path disclosure (Mar 21)
apcupsd - Linux - apcupsd local buffer overflow (Mar 21)
mutt - Linux - mutt buffer overflow in IMAP client (Mar 20)
dtprintinfo - SCO - dtprintinfo buffer overflow in various Unix systems (Sep 26)
snort - Other - snort bypass using fragroute (Sep 26)
Netscape - Other - Netscape & Mozilla multiple remote vulns (file access, buffer overflow ...) (Sep 26)
ISA - NT - ISA Server DNS Intrusion DoS (Mar 20)
osCommerce - Other - osCommerce multiple XSS vulnerabilities (Mar 20)
Internet Explorer - NT - IE allows universal Cross Site Scripting (Sep 26)
Script - NT - Windows Script Engine Heap Overflow (Mar 20)
Evolution - Linux - Ximian's Evolution Multiple vulnerabilities (Mar 20)
XOOPS - Other - XOOPS path disclosure (Mar 20)
XDR/RPC - mUNIXes - XDR Integer Overflow (Mar 20)
php - Other - Various Content Managing Systems XSS (Mar 19)
McAfee ePolicy - NT - McAfee ePolicy Orchestrator Format String Vulnerability (Mar 17)
Java - Other - JDK Denial-Of-Service holes (Mar 16)
samba - mUNIXes - samba remote buffer overflow (Mar 16)
kernel - NT - Windows explorer DoS with cross-referenced shortcuts (link(a) <-> link(b)) (Mar 16)
ircII - Linux - ircII-based clients buffer overflows (Mar 15)
DeleGate - Other - DeleGate Pointer Array Overflow May Let Remote Users Execute Arbitrary Code (Mar 14)
iPlanet - NT - Sun ONE (iPlanet) Application Server Connector Module Overflow (Mar 14)
Lotus Notes - Other - Lotus Notes/Domino R6-beta PROTOS LDAP Denial of Service Regression (Mar 14)
Lotus Notes - Other - Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow (Mar 14)
Lotus Notes - Other - Lotus Notes Protocol Authentication Buffer Overflow (Mar 14)
pgp4pine - Linux - pgp4pine stack overflow vulnerability (Mar 12)
PHP-Nuke - Other - PHP-Nuke Serious SQL Injection Security Holes (Mar 6)
Internet Explorer - NT - .MHT Buffer Overflow in Internet Explorer (Mar 12)
MySQL - Other - MySQL configuration injection makes it run as root (Mar 12)
sudo - mUNIXes - sudo heap overflow exploit via expand_prompt() function (Nov 25)
VPOPMail - mUNIXes - VPOPMail Account Administration (squirrel mail) arbitrary remote command execution (Mar 12)
man - mUNIXes - man arbitrary code execution (Mar 12)
PostgreSQL - Other - PostgreSQL Remote DoS condition (Mar 12)
Opera - Other - Opera long filename download buffer overflow (Mar 12)
802.11b - Other - 802.11b Denial of Service (Mar 12)
SOHO Routefinder 550 VPN - Other - SOHO Routefinder 550 VPN Denial of Service and Buffer Overflow (Mar 12)
qpopper - mUNIXes - Qpopper buffer overflow (Mar 12)
securitybugware - Other - SecurityBugware software news : PacketExcalibur, LibnetGUI (By Louis Botterill) (Mar 11)
lprm - BSD - lprm local exploit (Mar 8)
xscreensaver - Linux - xscreensaver local buffer overflow via XLOCALEDIR var (Mar 8)
DNS - Other - DNS and global Internet security (Mar 7)
file - mUNIXes - file local buffer overflow (Mar 4)
PHP Ping - Other - PHP Ping Remote Command Execution (Mar 6)
ShopFactory - Other - ShopFactory shopping cart price manipulation (Dec 3)
DNS - Other - Log corruption via specially crafted reverse DNS data (Mar 4)
ftp - SCO - ftp client remote command injection with pipe symbols in filenames (Mar 4)
PY-Livredor - Other - PY-Livredor Cross Site Scripting & Script Injection Vulnerability (Mar 4)
Adobe - Other - Implementation flaws in Adobe Document Server for Reader Extensions (Mar 4)
Pastel accounting - NT - Pastel accounting potential user compromise (Mar 4)
Snort - Other - Buffer overflow in Snort RPC preprocessor (Mar 4)
sendmail - Other - sendmail remote buffer overflow with mail header parsing code bug (Mar 4)
Jetdirect - Other - HP Jetdirect SNMP password vulnerability when using Web JetAdmin (Mar 4)
CoffeeCup - Other - CoffeeCup users password and config remotely accessible (Mar 2)
PHP-Nuke - Other - PHP-Nuke allows remote copy of arbitrary files (Jan 21)
Internet Explorer - NT - IE Self-Executing HTML (Feb 26)
Typo3 - Linux - Typo3 remote file disclosure, command execution ... (Mar 1)
QuickTime - MacOS - QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities (Feb 25)
netscape - mUNIXes - netscape (Nov 10)
Axis Webcam - Other - Axis Webcam remote DoS via web server (Feb 28)
ISMAIL - NT - ISMAIL remote buffer overrun (Feb 28)
ml85p - Linux - ml85p local root exploit (Feb 28)
Ecartis - Linux - Ecartis Password Resetting Vulnerability (Feb 28)
Kernel - NT - MS-Windows ME IE/Outlook/HelpCenter remote script execution (Feb 28)
AMX-Mod - Other - Half-Life AMX-Mod remote (root) hole (Feb 27)
Netscape - Other - Netscape crashes by a simple stylesheet... (Feb 25)
lynx - Linux - lynx CRLF injection vulnerability (Feb 25)
terminal - mUNIXes - Hacking terminal emulators (Feb 25)
zlib - Other - zlib buffer overrun in gzprintf() (Feb 24)
Mambo - Other - Mambo SiteServer exploit gains administrative privileges (Feb 25)
Internet Explorer - NT - IE Shared codebase of (eg. in Outlook) allows silent delivery and exec of code (Feb 24)
Platinum FTP - NT - Platinum FTP directory traversal (Feb 24)
Glftpd - Linux - Glftpd remote root and other vulnerabilities (Feb 24)
Webmin - mUNIXes - Webmin/Usermin Session ID Spoofing Vulnerability (Sep 26)
moxftp - BSD - moxftp remote overflow (Feb 24)
sircd - BSD - sircd remote overflow (Feb 24)
WWWBoard - Other - WWWBoard XSS (Feb 24)
Telindus - Other - Telindus password recovery due to weak encryption scheme (Feb 24)
Cpanel - Other - Cpanel remote command execution and local root vulnerabilities (Feb 19)
kernel - NT - Bypassing Personal Firewalls with code injection, sample in C (Feb 22)
Myguestbook - Other - Myguestbook (PHP) XSS and admin page access (Feb 22)
Cisco SIP - Other - Cisco SIP remote crash (Feb 22)
Perl2Exe - NT - Perl2Exe EXEs Can Be Decompiled (Feb 22)
Cisco - Other - Cisco OSPF remote buffer overflow POC exploit (Feb 20)
PHPNuke - Other - PHPNuke SQL Injection (Feb 21)
phpBB - Other - phpBB Security Bugs (Feb 21)
Credit Cards - Other - Credit Cards security at risk (Feb 21)
myphpnuke - Other - myphpnuke xss (Feb 20)
Norton - NT - Symantec Norton AntiVirus buffer overflow in scanning compressed files (Feb 20)
kernel - NT - Privilege escalation (Feb 20)
Proxomitron - Other - Proxomitron Naoko Long Path Buffer Overflow/DoS (Feb 20)
libIM.a - AIX - libIM.a Buffer Overflow (Feb 13)
PHP - Other - PHP CGI privilege escalation and remote file compromise (Feb 17)
Oracle - Other - Oracle bfilename function buffer overflow vulnerability (Feb 17)
kernel - NT - Riched20.DLL attribute label buffer overflow vulnerability (Feb 17)
Lotus iNotes - Other - Lotus iNotes Client ActiveX Control Buffer Overrun (Feb 17)
Lotus Domino - Other - Lotus Domino Web Server iNotes Overflow (Feb 17)
Lotus Domino - Other - Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (Feb 17)
Oracle9i - Other - Oracle9i Application Server Format String Vulnerability (Feb 17)
Oracle - Other - Oracle TO_TIMESTAMP_TZ & TZ_OFFSET Remote System Buffer Overrun (Feb 17)
Oracle - Other - Oracle unauthenticated remote system compromise (Feb 17)
Lotus Domino - Other - Lotus Domino DOT Bug Allows for Source Code Viewing (Feb 13)
kernel - SunOS - Signal hooking allows viewing process memory on badly configured hosts (Feb 13)
CGI::Lite - Other - CGI::Lite::escape_dangerous_chars() permits remote compromise (Feb 12)
Java - Other - Many Java Virtual Machine implementation failures lead to remote compromise (Nov 23)
SQLBase - Other - SQLBase Buffer OverFlow (Feb 11)
NOD32 - Other - NOD32 Antivirus Software for Unix Buffer Overflow (Feb 11)
Opera - Other - Opera Java-Applet crash (Feb 11)
Netgear - Other - Netgear configuration accessible to unauthenticated users (Feb 11)
Kaspersky - NT - Kaspersky Antivirus DoS (Feb 11)
kernel - NT - Windows cmd.exe long path buffer overflow/DoS (Feb 11)
Far - NT - Far buffer overflow (Feb 11)
kernel - NT - Preventing buffer exploits discussion (Feb 4)
PKzip - NT - Pkzip encryption random seed attack (Feb 8)
Wall - HpUX - Wall Buffer Overflow (Feb 7)
OpenLDAP - Linux - openldap setuid .ldaprc buffer overflow (Feb 6)
Unreal - Other - Unreal engine whitepaper analysis (Feb 6)
Opera - Other - Opera multiple vulnerabilities (Feb 5)
qt-dcgui - Linux - qt-dcgui remote file compromise (Feb 5)
Majordomo - mUNIXes - Majordomo info leakage (mailing list exposure), all versions (Feb 5)
Network - Other - Block-Based Protocol Analysis (Feb 5)
sh-utils - Linux - Insecure default pam_xauth for sh-utils privilege escalation (Feb 4)
MySQL - Other - MySQL DoS via double-free() bug (Feb 4)
Internet Explorer - NT - Internet Explorer local file reading (Feb 4)
PHP-Nuke - Other - PHP-Nuke Avatar Code injection vulnerability (Feb 3)
Blade encoder - NT - Blade encoder overflow in wave file parsing (Feb 3)
phpMyShop - Other - phpMyShop SQL Injection (Feb 3)
Kazaa - NT - Kazaa crash with downloading of ad banners (Feb 3)
CVS - Other - CVS remote compromise (Jan 23)
Apache Jakarta Tomcat - Other - Apache Jakarta Tomcat 3 URL parsing vulnerability (Jan 31)
3DM - Other - 3Ware 3DM denial of service attack (Jan 31)
kernel - NT - RPC Locator Buffer Overflow (Jan 31)
Kerberos - mUNIXes - Multiple vulnerabilities in MIT Kerberos 5 releases (Jan 30)
Apache Tomcat - Other - Tomcat information exposure and cross site scripting (Jan 30)
ProxyView - NT - ProxyView default undocumented password (Jan 28)
Java - Other - Java Secure Socket Extension Incorrect Certificate Validation (Jan 28)
at - SunOS - at -r job name handling and race condition (Jan 27)
Nuked-Klan - Other - Multiple Cross Site Scripting Vulnerabilities in Nuked-Klan (Jan 27)
slocate - Linux - slocate buffer overflow (Jan 25)
SpamAssassin - Linux - SpamAssassin's spamc program in BSMTP mode could be tricked for remote execution (Jan 25)
YabbSE - Other - YabbSE remote code execution (Jan 23)
List Site - Other - List Site user account Hijacking (Jan 25)
msgina.dll - NT - Windows 2000 Terminal Server DoS attack (Jan 24)
WinRAR - NT - WinRAR buffer overflow (Jan 23)
Apache - Other - Apache HTTP Server Path Parsing Errata (Jan 23)
Blackboard - NT - Blackboard Password Retrieval (Jan 23)
PeopleTools - Other - PeopleSoft PeopleTools XML External Entities vulnerability (Jan 23)
Internet Explorer - NT - IE HttpOnly circumvention via http TRACE (that requires already elaborate access) (Jan 23)
PHPLink - Other - PHPLinks multiple vulnerabilities (Jan 21)
EFS - NT - Attacking EFS through cached domain logon credentials (Jan 21)
kernel - NT - Windows SMB implementation local and remote overflow (Aug 23)
phpBB - Other - phpBB SQL Injection vulnerability (Jan 20)
phpPass - Other - phpPass sql injection (Jan 20)
CuteFTP - NT - CuteFTP buffer overflow (Jan 20)
Outreach - Linux - Outreach Project Tool issues (Jan 20)
mpg123 - Linux - mpg123 Local/remote exploit (Jan 14)