
Vulnerabilities

2008-10-12 drupal -- multiple vulnerabilities
2008-10-10 cups -- multiple vulnerabilities
2008-10-10 opera -- multiple vulnerabilities
2008-10-01 mysql -- command line client input validation vulnerability
2008-10-01 mplayer -- multiple integer overflows
2008-09-27 lighttpd -- multiple vulnerabilities
2008-09-26 bitlbee -- account recreation security issues
2008-09-24 mozilla -- multiple vulnerabilities
2008-09-23 squirrelmail -- Session hijacking vulnerability
2008-09-23 proftpd -- Long Command Processing Vulnerability
2008-09-23 phpmyadmin -- Cross-Site Scripting Vulnerability
2008-09-19 gallery -- multiple vulnerabilities
2008-09-17 phpmyadmin -- Code execution vulnerability
2008-09-14 twiki -- Arbitrary code execution in session files
2008-09-12 neon -- NULL pointer dereference in Digest domain support
2008-09-12 clamav -- CHM Processing Denial of Service
2008-09-11 horde -- multiple vulnerabilities
2008-09-10 python -- multiple vulnerabilities
2008-09-10 mysql -- MyISAM table privileges security bypass vulnerability
2008-09-10 rubygem-rails -- SQL injection vulnerability
2008-09-10 wordpress -- remote privilege escalation
2008-09-05 FreeBSD -- Remote kernel panics on IPv6 connections
2008-09-05 FreeBSD -- nmount(2) local arbitrary code execution
2008-09-05 FreeBSD -- amd64 swapgs local privilege escalation
2008-08-25 opera -- multiple vulnerabilities
2008-08-21 gnutls -- "gnutls_handshake()" Denial of Service
2008-08-20 joomla -- flaw in the reset token validation
2008-08-19 cdf3 -- Buffer overflow vulnerability
2008-08-18 drupal -- multiple vulnerabilities
2008-08-16 ruby -- multiple vulnerabilities in safe level
2008-08-16 ruby -- DoS vulnerability in WEBrick
2008-08-16 ruby -- DNS spoofing vulnerability
2008-08-15 Bugzilla -- Directory Traversal in importxml.pl
2008-08-07 openvpn-devel -- arbitrary code execution
2008-07-18 phpmyadmin -- cross site request forgery vulnerabilities
2008-07-13 drupal -- multiple vulnerabilities
2008-07-13 FreeBSD -- DNS cache poisoning
2008-07-09 poppler -- uninitialized pointer
2008-07-04 py-pylons -- Path traversal bug
2008-07-03 FreeType 2 -- Multiple Vulnerabilities
2008-07-01 fetchmail -- potential crash in -v -v verbose mode (revised patch)
2008-06-28 phpmyadmin -- Cross Site Scripting Vulnerabilities
2008-06-24 apache -- multiple vulnerabilities
2008-06-22 php -- input validation error in safe_mode
2008-06-21 vim -- Vim Shell Command Injection Vulnerabilities
2008-06-21 ruby -- multiple integer and buffer overflow vulnerabilities
2008-06-20 fetchmail -- potential crash in -v -v verbose mode
2008-06-15 xorg -- multiple vulnerabilities
2008-06-14 moinmoin -- superuser privilege escalation
2008-06-13 Courier Authentication Library -- SQL Injection
2008-06-01 ikiwiki -- cleartext passwords
2008-05-31 ikiwiki -- empty password security hole
2008-05-30 linux-flashplugin -- unspecified remote code execution vulnerability
2008-05-28 Nagios -- Cross Site Scripting Vulnerability
2008-05-27 spamdyke -- open relay
2008-05-21 peercast -- arbitrary code execution
2008-05-17 libvorbis -- various security issues
2008-05-14 django -- XSS vulnerability
2008-05-11 vorbis-tools -- Speex header processing vulnerability
2008-05-08 qemu -- "drive_init()" Disk Format Security Bypass
2008-05-07 swfdec -- exposure of sensitive information
2008-05-02 mt-daapd -- integer overflow
2008-05-02 sdl_image -- buffer overflow vulnerabilities
2008-04-26 gnupg -- memory corruption vulnerability
2008-04-25 extman -- password bypass vulnerability
2008-04-25 mailman -- script insertion vulnerability
2008-04-25 mksh -- TTY attachment privilege escalation
2008-04-25 serendipity -- multiple cross site scripting vulnerabilities
2008-04-25 firefox -- javascript garbage collector vulnerability
2008-04-25 png -- unknown chunk processing uninitialized memory access
2008-04-25 openfire -- unspecified denial of service
2008-04-25 php -- integer overflow vulnerability
2008-04-25 python -- Integer Signedness Error in zlib Module
2008-04-24 postgresql -- multiple vulnerabilities
2008-04-24 phpmyadmin -- Shared Host Information Disclosure
2008-04-24 phpmyadmin -- Username/Password Session File Information Disclosure
2008-04-24 libxine -- array index vulnerability
2008-04-15 clamav -- Multiple Vulnerabilities
2008-04-13 lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability
2008-04-13 ikiwiki -- cross site request forging
2008-04-06 postfix-policyd-weight -- working directory symlink vulnerability
2008-04-05 powerdns-recursor -- DNS cache poisoning
2008-04-05 suphp -- multiple local privilege escalation vulnerabilities
2008-04-05 opera -- multiple vulnerabilities
2008-03-30 mozilla -- multiple vulnerabilities
2008-03-26 silc -- pkcs_decode buffer overflow
2008-03-20 bzip2 -- crash with certain malformed archive files
2008-03-11 qemu -- unchecked block read/write vulnerability
2008-03-10 dovecot -- security hole in blocking passdbs
2008-03-06 mplayer -- multiple vulnerabilities
2008-03-05 ghostscript -- zseticcspace() function buffer overflow vulnerability
2008-03-04 phpmyadmin -- SQL injection vulnerability
2008-02-29 pcre -- buffer overflow vulnerability
2008-02-26 libxine -- buffer overflow vulnerability
2008-02-25 coppermine -- multiple vulnerabilities
2008-02-25 moinmoin -- multiple vulnerabilities
2008-02-22 opera -- multiple vulnerabilities
2008-02-22 mozilla -- multiple vulnerabilities
2008-02-22 openldap -- modrdn Denial of Service vulnerability
2008-02-15 clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability
2008-02-12 cacti -- Multiple security vulnerabilities have been discovered
2008-02-11 ikiwiki -- javascript insertion via uris
2008-02-09 zenphoto -- XSS vulnerability
2008-02-04 jetty -- multiple vulnerability
2008-01-29 libxine -- buffer overflow vulnerability
2008-01-23 xorg -- multiple vulnerabilities
2008-01-22 xfce -- multiple vulnerabilities
2008-01-22 claws-mail -- insecure temporary file creation
2008-01-19 IRC Services -- Denial of Service Vulnerability
2008-01-19 libxine -- buffer overflow vulnerability
2008-01-15 geeklog xss vulnerability
2008-01-11 drupal -- cross site request forgery
2008-01-11 drupal -- cross site scripting (utf8)
2008-01-11 drupal -- cross site scripting (register_globals)
2008-01-10 maradns -- CNAME record resource rotation denial of service
2008-01-04 linux-realplayer -- multiple vulnerabilities
2008-01-03 linux-flashplugin -- multiple vulnerabilities
2007-12-29 dovecot -- Specific LDAP + auth cache configuration may mix up user logins
2007-12-25 gallery2 -- multiple vulnerabilities
2007-12-20 e2fsprogs -- heap buffer overflow
2007-12-19 wireshark -- multiple vulnerabilities
2007-12-19 opera -- multiple vulnerabilities
2007-12-19 peercast -- buffer overflow vulnerability
2007-12-17 ganglia-webfrontend -- XSS vulnerabilities
2007-12-12 qemu -- Translation Block Local Denial of Service Vulnerability
2007-12-12 drupal -- SQL injection vulnerability
2007-12-12 samba -- buffer overflow vulnerability
2007-12-12 smbftpd -- format string vulnerability
2007-12-10 jetty -- multiple vulnerabilities
2007-12-08 liveMedia -- DoS vulnerability
2007-12-05 GNU finger vulnerability
2007-12-04 Squid -- Denial of Service Vulnerability
2007-11-28 rubygem-rails -- JSON XSS vulnerability
2007-11-27 rubygem-rails -- session-fixation vulnerability
2007-11-27 ikiwiki -- improper symlink verification vulnerability
2007-11-27 firefox -- multiple remote unspecified memory corruption vulnerabilities
2007-11-21 phpmyadmin -- Cross Site Scripting
2007-11-21 samba -- multiple vulnerabilities
2007-11-16 php -- multiple security vulnerabilities
2007-11-13 net-snmp -- denial of service via GETBULK request
2007-11-13 flac -- media file processing integer overflow vulnerabilities
2007-11-12 mt-daapd -- denial of service vulnerability
2007-11-12 xpdf -- multiple remote Stream.CC vulnerabilities
2007-11-12 plone -- unsafe data interpreted as pickles
2007-11-11 phpmyadmin -- cross-site scripting vulnerability
2007-11-09 gallery2 -- multiple vulnerabilities
2007-11-09 tikiwiki -- multiple vulnerabilities
2007-11-09 cups -- off-by-one buffer overflow
2007-11-06 perl -- regular expressions unicode data buffer overflow
2007-11-06 pcre -- arbitrary code execution
2007-11-05 perdition -- str_vwrite format string vulnerability
2007-11-05 gftp -- multiple vulnerabilities
2007-11-04 dircproxy -- remote denial of service
2007-11-01 wordpress -- cross-site scripting
2007-10-30 openldap -- multiple remote denial of service vulnerabilities
2007-10-27 py-django -- denial of service vulnerability
2007-10-25 opera -- multiple vulnerabilities
2007-10-24 drupal -- multiple vulnerabilities
2007-10-23 ldapscripts -- Command Line User Credentials Disclosure
2007-10-22 firefox -- OnUnload Javascript browser entrapment vulnerability
2007-10-17 phpmyadmin -- cross-site scripting vulnerability
2007-10-16 phpmyadmin -- cross-site scripting vulnerability
2007-10-11 nagios-plugins -- Long Location Header Buffer Overflow Vulnerability
2007-10-11 png -- multiple vulnerabilities
2007-10-10 ImageMagick -- multiple vulnerabilities
2007-10-08 jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented
2007-10-08 xfs -- multiple vulnerabilities
2007-10-05 tcl/tk -- buffer overflow in ReadImage function
2007-10-04 firebird -- multiple remote buffer overflow vulnerabilities
2007-10-01 id3lib -- insecure temporary file creation
2007-09-21 mediawiki -- cross site scripting vulnerability
2007-09-21 wordpress -- remote sql injection vulnerability
2007-09-21 samba -- nss_info plugin privilege escalation vulnerability
2007-09-21 bugzilla -- multiple vulnerabilities
2007-09-21 clamav -- multiple remote Denial of Service vulnerabilities
2007-09-20 coppermine -- multiple vulnerabilities
2007-09-20 openoffice -- arbitrary command execution vulnerability
2007-09-20 bugzilla -- "createmailregexp" security bypass vulnerability
2007-09-19 konqueror -- address bar spoofing
2007-09-19 kdm -- passwordless login vulnerability
2007-09-19 flyspray -- authentication bypass
2007-09-19 mozilla -- code execution via Quicktime media-link files
2007-09-11 php -- multiple vulnerabilities
2007-09-11 apache -- multiple vulnerabilities
2007-09-10 lighttpd -- FastCGI header overrun in mod_fastcgi
2007-09-05 rkhunter -- insecure temporary file creation
2007-09-05 lsh -- multiple vulnerabilities
2007-09-02 fetchmail -- denial of service on reject of local warning message
2007-09-01 gtar -- Directory traversal vulnerability
2007-08-27 claws-mail -- POP3 Format String Vulnerability
2007-08-21 rsync -- off by one stack overflow
2007-08-15 opera -- Vulnerability in javascript handling
2007-08-02 fsplib -- multiple vulnerabilities
2007-08-02 joomla -- multiple vulnerabilities
2007-08-02 FreeBSD -- Buffer overflow in tcpdump(1)
2007-08-02 FreeBSD -- Predictable query ids in named(8)
2007-07-31 xpdf -- stack based buffer overflow
2007-07-29 mutt -- buffer overflow vulnerability
2007-07-28 p5-Net-DNS -- multiple Vulnerabilities
2007-07-28 phpsysinfo -- url Cross-Site Scripting
2007-07-28 drupal -- Cross site request forgeries
2007-07-28 drupal -- Multiple cross-site scripting vulnerabilities
2007-07-27 vim -- Command Format String Vulnerability
2007-07-26 libvorbis -- Multiple memory corruption flaws
2007-07-24 tomcat -- XSS vulnerability in sample applications
2007-07-24 tomcat -- multiple vulnerabilities
2007-07-24 dokuwiki -- XSS vulnerability in spellchecker backend
2007-07-21 lighttpd -- multiple vulnerabilities
2007-07-19 opera -- multiple vulnerabilities
2007-07-19 mozilla -- multiple vulnerabilities
2007-07-18 linux-flashplugin -- critical vulnerabilities
2007-07-06 wireshark -- Multiple problems
2007-07-03 typespeed -- arbitrary code execution
2007-06-29 gd -- multiple vulnerabilities
2007-06-28 flac123 -- stack overflow in comment parsing
2007-06-25 evolution-data-server -- remote execution of arbitrary code vulnerability
2007-06-21 xpcd -- buffer overflow
2007-06-19 clamav -- multiple vulnerabilities
2007-06-18 vlc -- format string vulnerability and integer overflow
2007-06-18 p5-Mail-SpamAssassin -- local user symlink-attack DoS vulnerability
2007-06-12 cups -- Incomplete SSL Negotiation Denial of Service
2007-06-09 c-ares -- DNS Cache Poisoning Vulnerability
2007-06-09 wordpress -- XMLRPC SQL Injection
2007-06-09 wordpress -- unmoderated comments disclosure
2007-06-09 webmin -- cross site scripting vulnerability
2007-06-07 mplayer -- cddb stack overflow
2007-06-05 mod_jk -- information disclosure
2007-06-04 typo3 -- email header injection
2007-06-04 phppgadmin -- cross site scripting vulnerability
2007-06-01 findutils -- GNU locate heap buffer overrun
2007-05-24 FreeType 2 -- Heap overflow vulnerability
2007-05-23 FreeBSD -- heap overflow in file(1)
2007-05-21 squirrelmail -- Cross site scripting in HTML filter
2007-05-16 png -- DoS crash vulnerability
2007-05-16 samba -- multiple vulnerabilities
2007-05-07 php -- multiple vulnerabilities
2007-05-01 qemu -- several vulnerabilities
2007-04-30 p5-Imager -- possibly exploitable buffer overflow
2007-04-28 FreeBSD -- IPv6 Routing Header 0 is dangerous
2007-04-24 mod_perl -- remote DoS in PATH_INFO parsing
2007-04-19 claws-mail -- APOP vulnerability
2007-04-14 lighttpd -- DOS when access files with mtime 0
2007-04-14 lighttpd -- Remote DOS in CRLF parsing
2007-04-13 freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability
2007-04-09 fetchmail -- insecure APOP authentication
2007-04-08 mcweject -- exploitable buffer overflow
2007-04-08 webcalendar -- "noSet" variable overwrite vulnerability
2007-04-05 zope -- cross-site scripting vulnerability
2007-03-21 Squid -- TRACE method handling denial of service
2007-03-16 sql-ledger -- security bypass vulnerability
2007-03-16 samba -- potential Denial of Service bug in smbd
2007-03-16 samba -- format string bug in afsacl.so VFS plugin
2007-03-11 ktorrent -- multiple vulnerabilities
2007-03-09 mplayer -- DMO File Parsing Buffer Overflow Vulnerability
2007-03-09 trac -- cross site scripting vulnerability
2007-03-05 mod_jk -- long URL stack overflow vulnerability
2007-02-27 bind -- Multiple Denial of Service vulnerabilities
2007-02-27 FreeBSD -- Jail rc.d script privilege escalation
2007-02-27 gtar -- name mangling symlink vulnerability
2007-02-27 FreeBSD -- Kernel memory disclosure in firewire(4)
2007-02-26 libarchive -- Infinite loop in corrupt archives handling in libarchive
2007-02-26 OpenSSL -- Multiple problems in crypto(3)
2007-02-24 mozilla -- multiple vulnerabilities
2007-02-21 snort -- DCE/RPC preprocessor vulnerability
2007-02-17 rar -- password prompt buffer overflow vulnerability
2007-02-17 php -- multiple vulnerabilities
2007-01-17 joomla -- multiple remote vulnerabilities
2007-01-15 sircd -- remote reverse DNS buffer overflow
2007-01-15 sircd -- remote operator privilege escalation vulnerability
2007-01-12 cacti -- Multiple vulnerabilities
2007-01-08 mplayer -- buffer overflow in the code for RealMedia RTSP streams.
2007-01-06 fetchmail -- crashes when refusing a message bound for an MDA
2007-01-06 fetchmail -- TLS enforcement problem/MITM attack/password exposure
2007-01-05 opera -- multiple vulnerabilities
2007-01-05 drupal -- multiple vulnerabilities
2007-01-03 w3m -- format string vulnerability
2006-12-27 plone -- user can masquerade as a group
2006-12-21 proftpd -- remote code execution vulnerabilities
2006-12-19 gzip -- multiple vulnerabilities
2006-12-19 bind9 -- Denial of Service in named(8)
2006-12-19 openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)
2006-12-18 sql-ledger -- multiple vulnerabilities
2006-12-14 dbus -- match_rule_equal() Weakness
2006-12-14 evince -- Buffer Overflow Vulnerability
2006-12-13 tdiary -- injection vulnerability
2006-12-13 wv -- Multiple Integer Overflow Vulnerabilities
2006-12-13 wv2 -- Integer Overflow Vulnerability
2006-12-11 tnftpd -- Remote root Exploit
2006-12-07 libxine -- multiple buffer overflow vulnerabilities
2006-12-07 gnupg -- remotely controllable function pointer
2006-12-04 ruby -- cgi.rb library Denial of Service
2006-12-02 libmusicbrainz -- multiple buffer overflow vulnerabilities
2006-12-02 tdiary -- cross site scripting vulnerability
2006-12-02 ImageMagick -- SGI Image File heap overflow vulnerability
2006-11-30 gtar -- GNUTYPE_NAMES directory traversal vulnerability
2006-11-30 kronolith -- arbitrary local file inclusion vulnerability
2006-11-27 gnupg -- buffer overflow
2006-11-14 proftpd -- Remote Code Execution Vulnerability
2006-11-14 unzoo -- Directory Traversal Vulnerability
2006-11-11 bugzilla -- multiple vulnerabilities
2006-11-08 Imlib2 -- multiple image file processing vulnerabilities
2006-11-04 ruby -- cgi.rb library Denial of Service
2006-10-29 screen -- combined UTF-8 characters vulnerability
2006-10-29 mysql -- database suid privilege escalation
2006-10-29 mysql -- database "case-sensitive" privilege escalation
2006-10-22 kdelibs -- integer overflow in khtml
2006-10-21 Serendipity -- XSS Vulnerabilities
2006-10-20 opera -- URL parsing heap overflow vulnerability
2006-10-20 asterisk -- remote heap overwrite vulnerability
2006-10-19 plone -- unprotected MembershipTool methods
2006-10-18 drupal -- HTML attribute injection
2006-10-18 drupal -- cross site request forgeries
2006-10-18 drupal -- multiple XSS vulnerabilities
2006-10-18 ingo -- local arbitrary shell command execution
2006-10-16 nvidia-driver -- arbitrary root code execution vulnerability
2006-10-16 clamav -- CHM unpacker and PE rebuilding vulnerabilities
2006-10-15 tkdiff -- temporary file symlink privilege escalation
2006-10-15 vtiger -- multiple remote file inclusion vulnerabilities
2006-10-14 google-earth -- heap overflow in the KML engine
2006-10-12 clamav -- Multipart Nestings Denial of Service
2006-10-07 torrentflux -- User-Agent XSS Vulnerability
2006-10-07 python -- buffer overrun in repr() for unicode strings
2006-10-06 php -- _ecalloc Integer Overflow Vulnerability
2006-10-05 mambo -- multiple SQL injection vulnerabilities
2006-10-05 tin -- buffer overflow vulnerabilities
2006-10-05 openldap -- slapd acl selfwrite Security Issue
2006-10-05 mono -- "System.CodeDom.Compiler" Insecure Temporary Creation
2006-10-05 php -- open_basedir Race Condition Vulnerability
2006-10-04 phpbb -- NULL byte injection vulnerability
2006-10-03 postnuke -- admin section SQL injection
2006-10-02 freetype -- LWFN Files Buffer Overflow Vulnerability
2006-10-02 cscope -- Buffer Overflow Vulnerabilities
2006-10-02 gnutls -- RSA Signature Forgery Vulnerability
2006-10-02 MT -- Search Unspecified XSS
2006-10-02 phpmyadmin -- XSRF vulnerabilities
2006-09-30 openssh -- multiple vulnerabilities
2006-09-30 dokuwiki -- multiple vulnerabilities
2006-09-30 dokuwiki -- multiple vulnerabilities
2006-09-30 tikiwiki -- multiple vulnerabilities
2006-09-30 punbb -- NULL byte injection vulnerability
2006-09-26 freeciv -- Denial of Service Vulnerabilities
2006-09-26 freeciv -- Packet Parsing Denial of Service Vulnerability
2006-09-26 plans -- multiple vulnerabilities
2006-09-25 eyeOS -- multiple XSS security bugs
2006-09-22 zope -- restructuredText "csv_table" Information Disclosure
2006-09-22 libmms -- stack-based buffer overflow
2006-09-22 opera -- RSA Signature Forgery
2006-09-15 mozilla -- multiple vulnerabilities
2006-09-14 win32-codecs -- multiple vulnerabilities
2006-09-13 php -- multiple vulnerabilities
2006-09-13 drupal-pubcookie -- authentication may be bypassed
2006-09-12 linux-flashplugin7 -- arbitrary code execution vulnerabilities
2006-09-04 mailman -- Multiple Vulnerabilities
2006-09-02 hlstats -- multiple cross site scripting vulnerabilities
2006-09-02 gtetrinet -- remote code execution
2006-08-30 joomla -- multiple vulnerabilities
2006-08-23 sppp -- buffer overflow vulnerability
2006-08-17 horde -- Phishing and Cross-Site Scripting Vulnerabilities
2006-08-15 globus -- Multiple tmpfile races
2006-08-13 x11vnc -- authentication bypass vulnerability
2006-08-13 alsaplayer -- multiple vulnerabilities
2006-08-13 postgresql -- encoding based SQL injection
2006-08-13 postgresql -- multiple vulnerabilities
2006-08-13 mysql -- format string vulnerability
2006-08-12 squirrelmail -- random variable overwrite vulnerability
2006-08-10 rubygem-rails -- evaluation of ruby code
2006-08-08 clamav -- heap overflow vulnerability
2006-08-02 drupal -- XSS vulnerability
2006-08-02 gnupg -- 2 more possible memory allocation attacks
2006-07-29 ruby -- multiple vulnerabilities
2006-07-28 apache -- mod_rewrite buffer overflow vulnerability
2006-07-27 mozilla -- multiple vulnerabilities
2006-07-14 zope -- information disclosure vulnerability
2006-07-13 drupal -- multiple vulnerabilities
2006-07-11 shoutcast -- cross-site scripting, information exposure
2006-07-10 samba -- memory exhaustion DoS in smbd
2006-07-10 twiki -- multiple file extensions file upload vulnerability
2006-07-07 trac -- reStructuredText breach of privacy and denial of service vulnerability
2006-07-05 horde -- various problems in dereferrer
2006-07-05 mambo -- SQL injection vulnerabilities
2006-07-03 phpmyadmin -- cross site scripting vulnerability
2006-07-02 webmin, usermin -- arbitrary file disclosure vulnerability
2006-06-30 mutt -- Remote Buffer Overflow Vulnerability
2006-06-30 Joomla -- multiple vulnerabilities
2006-06-27 hashcash -- heap overflow vulnerability
2006-06-25 gnupg -- user id integer overflow vulnerability
2006-06-17 horde -- multiple parameter cross site scripting vulnerabilities
2006-06-16 webcalendar -- information disclosure vulnerability
2006-06-14 sendmail -- Incorrect multipart message handling
2006-06-11 dokuwiki -- multiple vulnerabilities
2006-06-11 libxine -- buffer overflow vulnerability
2006-06-09 smbfs -- chroot escape
2006-06-09 ypserv -- Inoperative access controls in ypserv
2006-06-08 freeradius -- multiple vulnerabilities
2006-06-08 freeradius -- authentication bypass vulnerability
2006-06-05 squirrelmail -- plugin.php local file inclusion vulnerability
2006-06-05 dokuwiki -- spellchecker remote PHP code execution
2006-06-05 drupal -- multiple vulnerabilities
2006-06-01 MySQL -- SQL-injection security vulnerability
2006-06-01 MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities
2006-05-23 frontpage -- cross site scripting vulnerability
2006-05-23 cscope -- buffer overflow vulnerabilities
2006-05-22 coppermine -- Multiple File Extensions Vulnerability
2006-05-22 coppermine -- "file" Local File Inclusion Vulnerability
2006-05-22 coppermine -- File Inclusion Vulnerabilities
2006-05-21 phpmyadmin -- XSRF vulnerabilities
2006-05-18 vnc -- authentication bypass vulnerability
2006-05-14 phpldapadmin -- Cross-Site Scripting and Script Insertion vulnerabilities
2006-05-06 fswiki -- XSS vulnerability
2006-05-06 mysql50-server -- COM_TABLE_DUMP arbitrary code execution
2006-05-05 awstats -- arbitrary command execution vulnerability
2006-05-03 phpwebftp -- "language" Local File Inclusion
2006-05-03 firefox -- denial of service vulnerability
2006-05-03 clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability
2006-05-02 trac -- Wiki Macro Script Insertion Vulnerability
2006-05-01 jabberd -- SASL Negotiation Denial of Service Vulnerability
2006-04-27 cacti -- ADOdb "server.php" Insecure Test Script Security Issue
2006-04-27 amaya -- Attribute Value Buffer Overflow Vulnerabilities
2006-04-27 lifetype -- ADOdb "server.php" Insecure Test Script Security Issue
2006-04-27 ethereal -- Multiple Protocol Dissector Vulnerabilities
2006-04-25 asterisk -- denial of service vulnerability, local system access
2006-04-23 zgv, xzgv -- heap overflow vulnerability
2006-04-23 crossfire-server -- denial of service and remote code execution vulnerability
2006-04-23 p5-DBI -- insecure temporary file creation vulnerability
2006-04-23 wordpress -- full path disclosure
2006-04-23 xine -- multiple remote string vulnerabilities
2006-04-22 cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service
2006-04-19 FreeBSD -- FPU information disclosure
2006-04-18 plone -- "member_id" Parameter Portrait Manipulation Vulnerability
2006-04-16 mozilla -- multiple vulnerabilities
2006-04-16 mailman -- Private Archive Script Cross-Site Scripting
2006-04-10 f2c -- insecure temporary files
2006-04-07 mplayer -- Multiple integer overflows
2006-04-07 kaffeine -- buffer overflow vulnerability
2006-04-07 thunderbird -- javascript execution
2006-04-06 phpmyadmin -- XSS vulnerabilities
2006-04-06 phpmyadmin -- 'set_theme' Cross-Site Scripting
2006-04-06 clamav -- Multiple Vulnerabilities
2006-04-05 mediawiki -- hardcoded placeholder string security bypass vulnerability
2006-04-05 netpbm -- buffer overflow in pnmtopng
2006-04-05 zoo -- stack based buffer overflow
2006-04-05 mediawiki -- cross site scripting vulnerability
2006-04-05 dia -- XFig Import Plugin Buffer Overflow
2006-04-05 openvpn -- LD_PRELOAD code execution on client through malicious or compromised server
2006-04-05 samba -- Exposure of machine account credentials in winbind log files
2006-04-05 mod_pubcookie -- cross site scripting vulnerability
2006-04-05 pubcookie-login-server -- cross site scripting vulnerability
2006-03-29 freeradius -- EAP-MSCHAPv2 Authentication Bypass
2006-03-28 horde -- remote code execution vulnerability in the help viewer
2006-03-27 linux-realplayer -- buffer overrun
2006-03-27 linux-realplayer -- heap overflow
2006-03-24 sendmail -- race condition vulnerability
2006-03-24 OPIE -- arbitrary password change
2006-03-24 ipsec -- replay attack vulnerability
2006-03-21 xorg-server -- privilege escalation
2006-03-20 heimdal -- Multiple vulnerabilities
2006-03-20 curl -- TFTP packet buffer overflow vulnerability
2006-03-17 drupal -- multiple vulnerabilities
2006-03-15 horde -- "url" disclosure of sensitive information vulnerability
2006-03-15 linux-flashplugin -- arbitrary code execution vulnerability
2006-03-12 nfs -- remote denial of service
2006-03-12 openssh -- remote denial of service
2006-03-10 GnuPG does not detect injection of unsigned data
2006-03-09 mplayer -- heap overflow in the ASF demuxer
2006-03-04 SSH.COM SFTP server -- format string vulnerability
2006-03-03 gtar -- invalid headers buffer overflow
2006-02-27 bugzilla -- multiple vulnerabilities
2006-02-24 squirrelmail -- multiple vulnerabilities
2006-02-20 gedit -- format string vulnerability
2006-02-20 WebCalendar -- unauthorized access vulnerability
2006-02-20 abiword, koffice -- stack based buffer overflow vulnerabilities
2006-02-18 postgresql81-server -- SET ROLE privilege escalation
2006-02-17 gnupg -- false positive signature verification
2006-02-16 rssh -- privilege escalation vulnerability
2006-02-16 tor -- malicious tor server can locate a hidden service
2006-02-16 sudo -- arbitrary command execution
2006-02-16 libtomcrypt -- weak signature scheme with ECC keys
2006-02-16 mantis -- "view_filters_page.php" cross site scripting vulnerability
2006-02-16 phpbb -- multiple vulnerabilities
2006-02-16 postgresql -- character conversion and tsearch2 vulnerabilities
2006-02-16 heartbeat -- insecure temporary file creation vulnerability
2006-02-15 kpdf -- heap based buffer overflow
2006-02-15 perl, webmin, usermin -- perl format string integer wrap vulnerability
2006-02-15 phpicalendar -- cross site scripting vulnerability
2006-02-15 phpicalendar -- file disclosure vulnerability
2006-02-14 FreeBSD -- Infinite loop in SACK handling
2006-02-14 pf -- IP fragment handling panic
2006-02-14 FreeBSD -- Local kernel memory disclosure
2006-02-14 IEEE 802.11 -- buffer overflow
2006-02-14 ipfw -- IP fragment denial of service
2006-02-07 kpopup -- local root exploit and local denial of service
2006-01-27 cpio -- multiple vulnerabilities
2006-01-27 ee -- temporary file privilege escalation
2006-01-27 texindex -- temporary file privilege escalation
2006-01-27 cvsbug -- race condition
2006-01-23 sge -- local root exploit in bundled rsh executable
2006-01-23 fetchmail -- crash when bouncing a message
2006-01-10 clamav -- possible heap overflow in the UPX code
2006-01-09 milter-bogom -- headerless message crash
2006-01-07 bogofilter -- heap corruption through excessively long words
2006-01-07 bogofilter -- heap corruption through malformed input
2006-01-04 rxvt-unicode -- restore permissions on tty devices
2006-01-01 apache -- mod_imap cross-site scripting flaw
2005-12-22 nbd-server -- buffer overflow vulnerability
2005-12-22 scponly -- local privilege escalation exploits
2005-12-19 fetchmail -- null pointer dereference in multidrop mode with headerless email
2005-12-14 mantis -- "t_core_path" file inclusion vulnerability
2005-12-14 mantis -- "view_filters_page.php" cross-site scripting vulnerability
2005-12-11 mnemo -- Cross site scripting vulnerabilities in several of the notepad name and note data fields
2005-12-11 nag -- Cross site scripting vulnerabilities in several of the tasklist name and task data fields
2005-12-11 turba -- Cross site scripting vulnerabilities in several of the address book name and contact data fields
2005-12-11 kronolith -- Cross site scripting vulnerabilities in several of the calendar name and event data fields
2005-12-11 horde -- Cross site scripting vulnerabilities in several of Horde's templates
2005-12-09 curl -- URL buffer overflow vulnerability
2005-12-07 phpmyadmin -- register_globals emulation "import_blacklist" manipulation
2005-12-07 phpmyadmin -- XSS vulnerabilities
2005-12-07 ffmpeg -- libavcodec buffer overflow vulnerability
2005-12-07 trac -- search module SQL injection vulnerability
2005-12-01 drupal -- multiple vulnerabilities
2005-11-30 opera -- multiple vulnerabilities
2005-11-30 opera -- command line URL shell command injection
2005-11-30 mambo -- "register_globals" emulation layer overwrite vulnerability
2005-11-27 ghostscript -- insecure temporary file creation vulnerability
2005-11-22 horde -- Cross site scripting vulnerabilities in MIME viewers
2005-11-16 phpmyadmin -- HTTP Response Splitting vulnerability
2005-11-13 phpSysInfo -- "register_globals" emulation layer overwrite vulnerability
2005-11-13 Macromedia flash player -- swf file handling arbitrary code
2005-11-10 flyspray -- cross-site scripting vulnerabilities
2005-11-10 p5-Mail-SpamAssassin -- long message header denial of service
2005-11-07 qpopper -- multiple privilege escalation vulnerabilities
2005-11-04 pear-PEAR -- PEAR installer arbitrary code execution vulnerability
2005-11-01 openvpn -- potential denial-of-service on servers in TCP mode
2005-11-01 openvpn -- arbitrary code execution on client through malicious or compromised server
2005-11-01 PHP -- multiple vulnerabilities
2005-11-01 skype -- multiple buffer overflow vulnerabilities
2005-11-01 squid -- FTP server response handling denial of service
2005-10-31 base -- PHP SQL injection vulnerability
2005-10-30 fetchmail -- fetchmailconf local password exposure
2005-10-30 lynx -- remote buffer overflow
2005-10-27 ruby -- vulnerability in the safe level settings
2005-10-20 xloadimage -- buffer overflows in NIFF image title handling
2005-10-18 snort -- Back Orifice preprocessor buffer overflow vulnerability
2005-10-15 webcalendar -- remote file inclusion vulnerability
2005-10-15 gallery2 -- file disclosure vulnerability
2005-10-12 openssl -- potential SSL 2.0 rollback
2005-10-11 phpmyadmin -- local file inclusion vulnerability
2005-10-11 zope -- expose RestructuredText functionality to untrusted users
2005-10-09 libxine -- format string vulnerability
2005-10-05 imap-uw -- mailbox name handling remote buffer vulnerability
2005-10-02 weex -- remote format string vulnerability
2005-10-02 picasm -- buffer overflow vulnerability
2005-10-01 uim -- privilege escalation vulnerability
2005-10-01 cfengine -- arbitrary file overwriting vulnerability
2005-09-29 phpmyfaq -- SQL injection, takeover, path disclosure, remote code execution
2005-09-24 clamav -- arbitrary code execution and DoS vulnerabilities
2005-09-23 firefox & mozilla -- multiple vulnerabilities
2005-09-22 firefox & mozilla -- command line URL shell command injection
2005-09-17 apache -- Certificate Revocation List (CRL) off-by-one vulnerability
2005-09-17 squirrelmail -- _$POST variable handling allows for various attacks
2005-09-15 X11 server -- pixmap allocation vulnerability
2005-09-15 squid -- possible denial of service condition regarding NTLM authentication
2005-09-13 unzip -- permission race vulnerability
2005-09-10 firefox & mozilla -- buffer overflow vulnerability
2005-09-04 htdig -- cross site scripting vulnerability
2005-09-04 squid -- Denial Of Service Vulnerability in sslConnectTimeout
2005-09-04 squid -- Possible Denial Of Service Vulnerability in store.c
2005-09-03 bind9 -- denial of service
2005-09-03 bind -- buffer overrun vulnerability
2005-09-02 urban -- stack overflow vulnerabilities
2005-08-29 fswiki -- command injection vulnerability
2005-08-27 evolution -- remote format string vulnerabilities
2005-08-27 pam_ldap -- authentication bypass vulnerability
2005-08-26 pcre -- regular expression buffer overflow
2005-08-23 elm -- remote buffer overflow in Expires header
2005-08-19 openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server
2005-08-19 openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory
2005-08-19 openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients
2005-08-19 openvpn -- denial of service: client certificate validation can disconnect unrelated clients
2005-08-17 tor -- diffie-hellman handshake flaw
2005-08-16 acroread -- plug-in buffer overflow vulnerability
2005-08-15 pear-XML_RPC -- remote PHP code injection vulnerability
2005-08-14 awstats -- arbitrary code execution vulnerability
2005-08-12 libgadu -- multiple vulnerabilities
2005-08-12 gaim -- AIM/ICQ non-UTF-8 filename crash
2005-08-12 gaim -- AIM/ICQ away message buffer overflow
2005-08-12 xpdf -- disk fill DoS vulnerability
2005-08-09 gforge -- XSS and email flood vulnerabilities
2005-08-08 postnuke -- multiple vulnerabilities
2005-08-05 mambo -- multiple vulnerabilities
2005-08-05 ipsec -- Incorrect key usage in AES-XCBC-MAC
2005-08-05 zlib -- buffer overflow vulnerability
2005-08-05 devfs -- ruleset bypass
2005-08-03 proftpd -- format string vulnerabilities
2005-08-01 nbsmtp -- format string vulnerability
2005-07-31 sylpheed -- MIME-encoded file name buffer overflow vulnerability
2005-07-31 phpmyadmin -- cross site scripting vulnerability
2005-07-31 gnupg -- OpenPGP symmetric encryption vulnerability
2005-07-31 vim -- vulnerabilities in modeline handling: glob, expand
2005-07-30 tiff -- buffer overflow vulnerability
2005-07-30 opera -- image dragging vulnerability
2005-07-30 opera -- download dialog spoofing vulnerability
2005-07-30 ethereal -- multiple protocol dissectors vulnerabilities
2005-07-30 jabberd -- 3 buffer overflows
2005-07-26 apache -- http request smuggling
2005-07-25 clamav -- multiple remote buffer overflows
2005-07-23 isc-dhcpd -- format string vulnerabilities
2005-07-23 egroupware -- multiple cross-site scripting (XSS) and SQL injection vulnerabilities
2005-07-22 fetchmail -- denial of service/crash from malicious POP3 server
2005-07-21 dnrd -- remote buffer and stack overflow vulnerabilities
2005-07-21 PowerDNS -- LDAP backend fails to escape all queries
2005-07-20 fetchmail -- remote root/code injection from malicious POP3 server
2005-07-18 kdebase -- Kate backup file permission leak
2005-07-16 firefox & mozilla -- multiple vulnerabilities
2005-07-16 drupal -- PHP code execution vulnerabilities
2005-07-09 phpSysInfo -- cross site scripting vulnerability
2005-07-09 mysql-server -- insecure temporary file creation
2005-07-09 net-snmp -- fixproc insecure temporary file creation
2005-07-09 phpbb -- multiple vulnerabilities
2005-07-09 shtool -- insecure temporary file creation
2005-07-08 phppgadmin -- "formLanguage" local file inclusion vulnerability
2005-07-08 pear-XML_RPC -- information disclosure vulnerabilities
2005-07-08 ekg -- insecure temporary file creation
2005-07-08 bugzilla -- multiple vulnerabilities
2005-07-08 nwclient -- multiple vulnerabilities
2005-07-06 acroread -- insecure temporary file creation
2005-07-06 clamav -- cabinet file handling DoS vulnerability
2005-07-06 clamav -- MS-Expand file handling DoS vulnerability
2005-07-06 zlib -- buffer overflow vulnerability
2005-07-06 acroread -- buffer overflow vulnerability
2005-07-05 net-snmp -- remote DoS vulnerability
2005-07-05 cacti -- multiple vulnerabilities
2005-07-05 wordpress -- multiple vulnerabilities
2005-07-05 wordpress -- multiple vulnerabilities
2005-07-03 phpbb -- remote PHP code execution vulnerability
2005-07-03 pear-XML_RPC -- arbitrary remote code execution
2005-06-29 kernel -- ipfw packet matching errors with address tables
2005-06-29 bzip2 -- denial of service and permission race vulnerabilities
2005-06-29 kernel -- TCP connection stall denial of service
2005-06-24 ethereal -- multiple protocol dissectors vulnerabilities
2005-06-24 tor -- information disclosure
2005-06-24 linux-realplayer -- RealText parsing heap overflow
2005-06-23 ruby -- arbitrary command execution on XMLRPC server
2005-06-21 cacti -- potential SQL injection and cross site scripting attacks
2005-06-20 opera -- XMLHttpRequest security bypass
2005-06-20 opera -- "javascript:" URL cross-site scripting vulnerability
2005-06-20 opera -- redirection cross-site scripting vulnerability
2005-06-20 sudo -- local race condition vulnerability
2005-06-20 trac -- file upload/download vulnerability
2005-06-20 razor-agents -- denial of service vulnerability
2005-06-18 p5-Mail-SpamAssassin -- denial of service vulnerability
2005-06-18 squirrelmail -- Several cross site scripting vulnerabilities
2005-06-18 acroread -- XML External Entity vulnerability
2005-06-18 gzip -- directory traversal and permission race vulnerabilities
2005-06-18 tcpdump -- infinite loops in protocol decoding
2005-06-17 gaim -- Yahoo! remote crash vulnerability
2005-06-17 gaim -- MSN Remote DoS vulnerability
2005-06-17 gallery -- remote code injection via HTTP_POST_VARS
2005-06-17 gallery -- cross-site scripting
2005-06-17 kstars -- exploitable set-user-ID application fliccd
2005-06-17 fd_set -- bitmap index overflow in multiple applications
2005-06-09 leafnode -- denial of service vulnerability
2005-06-03 gforge -- directory traversal vulnerability
2005-06-03 imap-uw -- authentication bypass when CRAM-MD5 is enabled
2005-06-03 squid -- denial-of-service vulnerabilities
2005-06-03 racoon -- remote denial-of-service
2005-06-03 xli -- integer overflows in image size calculations
2005-06-03 xloadimage -- arbitrary command execution when handling compressed files
2005-06-03 xloadimage -- buffer overflow in FACES image handling
2005-06-03 yamt -- buffer overflow and directory traversal issues
2005-06-01 xview -- multiple buffer overflows in xv_parse_one
2005-06-01 xtrlock -- X display locking bypass
2005-06-01 linux_base -- vulnerabilities in Red Hat 7.1 libraries
2005-06-01