Vulnerabilities

2014-08-26 chromium -- multiple vulnerabilities
2014-08-21 file -- buffer overruns and missing buffer size tests
2014-08-21 django -- multiple vulnerabilities
2014-08-18 PHP multiple vulnerabilities
2014-08-17 phpMyAdmin -- XSS vulnerabilities
2014-08-13 chromium -- multiple vulnerabilities
2014-08-11 serf -- SSL Certificate Null Byte Poisoning
2014-08-11 subversion -- several vulnerabilities
2014-08-09 nginx -- inject commands into SSL session vulnerability
2014-08-06 OpenSSL -- multiple vulnerabilities
2014-08-03 krfb -- Possible Denial of Service or code execution via integer overflow
2014-08-02 samba -- remote code execution
2014-08-02 gpgme -- heap-based buffer overflow in gpgsm status handler
2014-07-31 kdelibs -- KAuth PID Reuse Flaw
2014-07-30 tor -- traffic confirmation attack
2014-07-28 i2p -- Multiple Vulnerabilities
2014-07-25 bugzilla -- Cross Site Request Forgery
2014-07-24 apache22 -- several vulnerabilities
2014-07-23 tomcat -- multiple vulnerabilities
2014-07-23 mozilla -- multiple vulnerabilities
2014-07-21 mcollective -- cert validation issue
2014-07-19 qt4-imageformats, qt5-gui -- DoS vulnerability in the GIF image handler
2014-07-19 apache24 -- several vulnerabilities
2014-07-18 phpMyAdmin -- multiple XSS vulnerabilities, missing validation
2014-07-16 chromium -- multiple vulnerabilities
2014-07-16 kdelibs4 -- KMail/KIO POP3 SSL Man-in-the-middle Flaw
2014-07-13 postfixadmin -- SQL injection vulnerability
2014-07-03 dbus -- multiple vulnerabilities
2014-06-28 mencoder -- potential buffer overrun when processing malicious lzo compressed input
2014-06-28 mplayer -- potential buffer overrun when processing malicious lzo compressed input
2014-06-26 LZO -- potential buffer overrun when processing malicious input data
2014-06-23 gnupg -- possible DoS using garbled compressed data packets
2014-06-23 samba -- multiple vulnerabilities
2014-06-20 phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names
2014-06-18 iodined -- authentication bypass
2014-06-17 asterisk -- multiple vulnerabilities
2014-06-14 dbus -- local DoS
2014-06-10 chromium -- multiple vulnerabilities
2014-06-10 mozilla -- multiple vulnerabilities
2014-06-05 OpenSSL -- multiple vulnerabilities
2014-06-04 gnutls -- client-side memory corruption
2014-06-03 gnutls -- client-side memory corruption
2014-05-29 mumble -- multiple vulnerabilities
2014-05-29 mumble -- NULL pointer dereference and heap-based buffer overflow
2014-05-26 linux-flashplugin -- multiple vulnerabilities
2014-05-24 openjpeg -- Multiple vulnerabilities
2014-05-20 chromium -- multiple vulnerabilities
2014-05-14 chromium -- multiple vulnerabilities
2014-05-13 libXfont -- X Font Service Protocol and Font metadata file handling issues
2014-05-06 libxml2 -- entity substitution DoS
2014-05-05 qt4-xml -- XML Entity Expansion Denial of Service
2014-05-04 strongswan -- Remote Authentication Bypass
2014-05-03 OpenSSL -- NULL pointer dereference / DoS
2014-04-30 mohawk -- multiple vulnerabilities
2014-04-30 chromium -- multiple vulnerabilities
2014-04-30 opera -- moderately severe issue
2014-04-29 mozilla -- multiple vulnerabilities
2014-04-23 django -- multiple vulnerabilities
2014-04-23 OpenSSL -- Remote Data Injection / DoS
2014-04-18 bugzilla -- Cross-Site Request Forgery
2014-04-18 bugzilla -- Social Engineering
2014-04-13 ChaSen -- buffer overflow
2014-04-11 OpenLDAP -- incorrect handling of NULL in certificate Common Name
2014-04-11 cURL -- inappropriate GSSAPI delegation
2014-04-11 dbus-glib -- privilege escalation
2014-04-11 nas -- multiple vulnerabilities
2014-04-11 libaudiofile -- heap-based overflow in Microsoft ADPCM compression module
2014-04-11 OpenSSL -- Local Information Disclosure
2014-04-09 openafs -- Denial of Service
2014-04-08 chromium -- multiple vulnerabilities
2014-04-07 OpenSSL -- Remote Information Disclosure
2014-04-03 otrs -- Clickjacking issue
2014-03-29 Icinga -- buffer overflow in classic web interface
2014-03-29 file -- out-of-bounds access in search rules with offsets from input file
2014-03-26 LibYAML input sanitization errors
2014-03-23 Joomla! -- Core - Multiple Vulnerabilities
2014-03-23 mail/trojita -- may leak mail contents (not user credentials) over unencrypted connection
2014-03-23 nginx-devel -- SPDY heap buffer overflow
2014-03-23 nginx -- SPDY heap buffer overflow
2014-03-22 apache -- several vulnerabilities
2014-03-19 mozilla -- multiple vulnerabilities
2014-03-15 www/chromium -- multiple vulnerabilities
2014-03-14 mutt -- denial of service, potential remote code execution
2014-03-13 wemux -- read-only can be bypassed
2014-03-11 samba -- multiple vulnerabilities
2014-03-11 www/chromium -- multiple vulnerabilities
2014-03-10 asterisk -- multiple vulnerabilities
2014-03-09 freetype2 -- Out of bounds read/write
2014-03-06 xmms -- Integer Overflow And Underflow Vulnerabilities
2014-03-06 nginx -- SPDY memory corruption
2014-03-05 chromium -- multiple vulnerabilities
2014-03-04 gnutls -- multiple certificate verification issues
2014-03-03 file -- denial of service
2014-03-01 Python -- buffer overflow in socket.recvfrom_into()
2014-02-26 subversion -- mod_dav_svn vulnerability
2014-02-25 otrs -- XSS Issue
2014-02-24 chromium -- multiple vulnerabilities
2014-02-20 PostgreSQL -- multiple privilege issues
2014-02-15 phpMyAdmin -- Self-XSS due to unescaped HTML output in import.
2014-02-15 jenkins -- multiple vulnerabilities
2014-02-14 lighttpd -- multiple vulnerabilities
2014-02-06 phpmyfaq -- multiple vulnerabilities
2014-02-04 linux-flashplugin -- multiple vulnerabilities
2014-02-04 mozilla -- multiple vulnerabilities
2014-02-01 libyaml heap overflow resulting in possible code execution
2014-01-29 socat -- buffer overflow with data from command line
2014-01-28 otrs -- multiple vulnerabilities
2014-01-27 chromium -- multiple vulnerabilities
2014-01-27 rt42 -- denial-of-service attack via the email gateway
2014-01-27 strongswan -- multiple DoS vulnerabilities
2014-01-25 varnish -- DoS vulnerability in Varnish HTTP cache
2014-01-24 linux-flashplugin -- multiple vulnerabilities
2014-01-22 HTMLDOC -- buffer overflow issues when reading AFM files and parsing page sizes
2014-01-16 virtualbox-ose -- local vulnerability
2014-01-15 chromium -- multiple vulnerabilities
2014-01-14 ntpd DRDoS / Amplification Attack using ntpdc monlist command
2014-01-14 nagios -- denial of service vulnerability
2014-01-13 bind -- denial of service vulnerability
2014-01-08 libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont
2014-01-06 openssl -- multiple vulnerabilities
2013-12-22 OpenX -- SQL injection vulnerability
2013-12-18 cURL library -- cert name check ignore with GnuTLS
2013-12-18 gnupg -- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack
2013-12-17 asterisk -- multiple vulnerabilities
2013-12-16 phpmyfaq -- arbitrary PHP code execution vulnerability
2013-12-16 zabbix -- shell command injection vulnerability
2013-12-14 PHP5 -- memory corruption in openssl_x509_parse()
2013-12-14 mozilla -- multiple vulnerabilities
2013-12-11 samba -- multiple vulnerabilities
2013-12-08 rails -- multiple vulnerabilities
2013-12-06 drupal -- multiple vulnerabilities
2013-12-05 chromium -- multiple vulnerabilities
2013-12-04 Joomla! -- Core XSS Vulnerabilities
2013-12-01 monitorix -- serious bug in the built-in HTTP server
2013-11-28 OpenTTD -- Denial of service using forcefully crashed aircrafts
2013-11-25 subversion -- multiple vulnerabilities
2013-11-24 ruby-gems -- Algorithmic Complexity Vulnerability
2013-11-24 ruby-gems -- Algorithmic Complexity Vulnerability
2013-11-23 ruby -- Heap Overflow in Floating Point Parsing
2013-11-19 samba -- Private key in key.pem world readable
2013-11-19 samba -- ACLs are not checked on opening an alternate data stream on a file or directory
2013-11-19 nginx -- Request line parsing vulnerability
2013-11-15 chromium -- multiple memory corruption issues
2013-11-12 linux-flashplugin -- multiple vulnerabilities
2013-11-12 chromium -- multiple vulnerabilities
2013-11-08 OpenSSH -- Memory corruption in sshd
2013-11-06 Quassel IRC -- SQL injection vulnerability
2013-10-30 mozilla -- multiple vulnerabilities
2013-10-28 mod_pagespeed -- critical cross-site scripting (XSS) vulnerability
2013-10-25 gnutls -- denial of service
2013-10-24 xorg-server -- use after free
2013-10-19 pycrypto -- PRNG reseed race condition
2013-10-19 wordpress -- multiple vulnerabilities
2013-10-19 node.js -- DoS Vulnerability
2013-10-17 bugzilla -- multiple vulnerabilities
2013-10-17 dropbear -- exposure of sensitive information, DoS
2013-10-15 chromium -- multiple vulnerabilities
2013-10-10 mod_fcgid -- possible heap buffer overwrite
2013-10-05 gnupg -- possible infinite recursion in the compressed packet parser
2013-10-03 xinetd -- ignores user and group directives for TCPMUX services
2013-10-02 polarssl -- Timing attack against protected RSA-CRT implementation
2013-10-01 chromium -- multiple vulnerabilities
2013-09-30 py-graphite-web -- Multiple vulnerabilities
2013-09-22 django -- denial-of-service via large passwords
2013-09-19 FreeBSD -- Cross-mount links between nullfs(5) mounts
2013-09-19 FreeBSD -- Insufficient credential checks in network ioctl(2)
2013-09-13 linux-flashplugin -- multiple vulnerabilities
2013-09-12 django -- multiple vulnerabilities
2013-09-02 svnserve is vulnerable to a local privilege escalation vulnerability via symlink attack.
2013-08-29 cacti -- allow remote attackers to execute arbitrary SQL commands
2013-08-28 asterisk -- multiple vulnerabilities
2013-08-21 chromium -- multiple vulnerabilities
2013-08-20 gstreamer-ffmpeg -- Multiple vulnerabilities in bundled libav
2013-08-18 mozilla -- multiple vulnerabilities
2013-08-17 GnuPG and Libgcrypt -- side-channel attack vulnerability
2013-08-16 puppet -- multiple vulnerabilities
2013-08-15 lcms2 -- Null Pointer Dereference Denial of Service Vulnerability
2013-08-13 polarssl -- denial of service vulnerability
2013-08-09 samba -- denial of service vulnerability
2013-08-08 mozilla -- multiple vulnerabilities
2013-08-07 PuTTY -- Four security holes in versions before 0.63
2013-08-05 typo3 -- Multiple vulnerabilities in TYPO3 Core
2013-08-04 phpMyAdmin -- clickJacking protection can be bypassed
2013-08-03 chromium -- multiple vulnerabilities
2013-07-28 phpMyAdmin -- multiple vulnerabilities
2013-07-27 wordpress -- multiple vulnerabilities
2013-07-26 bind -- denial of service vulnerability
2013-07-25 gnupg -- side channel attack on RSA secret keys
2013-07-25 openafs -- single-DES cell-wide key brute force vulnerability
2013-07-24 subversion -- remotely triggerable "Assertion failed" DoS vulnerability or read overflow.
2013-07-22 suPHP -- Privilege escalation
2013-07-20 apache24 -- several vulnerabilities
2013-07-17 gallery -- multiple vulnerabilities
2013-07-16 PHP5 -- Heap corruption in XML parser
2013-07-16 PHP5 -- Integer overflow in Calendar module
2013-07-15 linux-flashplugin -- multiple vulnerabilities
2013-07-15 squid -- denial of service
2013-07-11 libzrtpcpp -- multiple security vulnerabilities
2013-07-11 ruby -- Hostname check bypassing vulnerability in SSL client
2013-07-11 otrs -- SQL Injection + XSS Issue
2013-07-10 libxml2 -- lack of end-of-document check DoS
2013-07-10 chromium -- multiple vulnerabilities
2013-07-05 apache22 -- several vulnerabilities
2013-06-30 phpMyAdmin -- Global variable scope injection
2013-06-28 apache-xml-security-c -- heap overflow during XPointer evaluation
2013-06-26 mozilla -- multiple vulnerabilities
2013-06-23 cURL library -- heap corruption in curl_easy_unescape
2013-06-22 puppet -- Unauthenticated Remote Code Execution Vulnerability
2013-06-19 otrs -- information disclosure
2013-06-18 FreeBSD -- Privilege escalation via mmap
2013-06-18 apache-xml-security-c -- heap overflow
2013-06-16 tor -- guard discovery
2013-06-14 linux-flashplugin -- multiple vulnerabilities
2013-06-13 dbus -- local dos
2013-06-11 owncloud -- Multiple security vulnerabilities
2013-06-07 php5 -- Heap based buffer overflow in quoted_printable_encode
2013-06-06 dns/bind9* -- A recursive resolver can be crashed by a query for a malformed zone
2013-06-05 phpMyAdmin -- XSS due to unescaped HTML output in Create View page
2013-06-05 telepathy-gabble -- TLS verification bypass
2013-06-04 chromium -- multiple vulnerabilities
2013-06-04 xorg -- protocol handling issues in X Window System client libraries
2013-06-03 krb5 -- UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443]
2013-06-03 net/openafs -- buffer overflow
2013-06-03 www/mod_security -- NULL pointer dereference DoS
2013-06-01 passenger -- security vulnerability
2013-05-31 devel/subversion -- svnserve remotely triggerable DoS
2013-05-31 devel/subversion -- contrib hook-scripts can allow arbitrary code execution
2013-05-31 devel/subversion -- fsfs repositories can be corrupted by newline characters in filenames
2013-05-31 irc/bitchx -- multiple vulnerabilities
2013-05-28 znc -- null pointer dereference in webadmin module
2013-05-26 socat -- FD leak
2013-05-26 ruby -- Object taint bypassing in DL and Fiddle in Ruby
2013-05-26 couchdb -- DOM based Cross-Site Scripting via Futon UI
2013-05-23 otrs -- information disclosure
2013-05-23 otrs -- XSS vulnerability
2013-05-23 RT -- multiple vulnerabilities
2013-05-22 chromium -- multiple vulnerabilities
2013-05-19 plib -- stack-based buffer overflow
2013-05-19 plib -- buffer overflow
2013-05-16 linux-flashplugin -- multiple vulnerabilities
2013-05-15 mozilla -- multiple vulnerabilities
2013-05-07 nginx -- multiple vulnerabilities
2013-05-03 strongSwan -- ECDSA signature verification issue
2013-05-03 jenkins -- multiple vulnerabilities
2013-04-29 FreeBSD -- NFS remote denial of service
2013-04-27 Joomla! -- XSS and DDoS vulnerabilities
2013-04-24 phpMyAdmin -- Multiple security vulnerabilities
2013-04-22 tinc -- Buffer overflow
2013-04-20 phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page
2013-04-19 roundcube -- arbitrary file disclosure vulnerability
2013-04-18 jasper -- buffer overflow
2013-04-16 ModSecurity -- XML External Entity Processing Vulnerability
2013-04-15 sieve-connect -- TLS hostname verification was not occurring
2013-04-10 linux-flashplugin -- multiple vulnerabilities
2013-04-10 rubygem-rails -- multiple vulnerabilities
2013-04-08 NVIDIA UNIX driver -- ARGB cursor buffer overflow in "NoScanout" mode
2013-04-05 Subversion -- multiple vulnerabilities
2013-04-05 otrs -- Information disclosure and Data manipulation
2013-04-04 PostgreSQL -- anonymous remote access data corruption vulnerability
2013-04-03 mozilla -- multiple vulnerabilities
2013-04-02 FreeBSD -- BIND remote denial of service
2013-04-02 FreeBSD -- OpenSSL multiple vulnerabilities
2013-03-31 OpenVPN -- potential side-channel/timing attack when comparing HMACs
2013-03-29 libxml2 -- CPU consumption DoS
2013-03-29 asterisk -- multiple vulnerabilities
2013-03-27 dns/bind9* -- Malicious Regex Can Cause Memory Exhaustion
2013-03-26 chromium -- multiple vulnerabilities
2013-03-21 optipng -- use-after-free vulnerability
2013-03-18 php5 -- Multiple vulnerabilities
2013-03-18 piwigo -- CSRF/Path Traversal
2013-03-13 libexif -- multiple remote vulnerabilities
2013-03-13 puppet27 and puppet -- multiple vulnerabilities
2013-03-13 puppet26 -- multiple vulnerabilities
2013-03-12 linux-flashplugin -- multiple vulnerabilities
2013-03-10 perl -- denial of service via algorithmic complexity attack on hashing routines
2013-03-10 libpurple -- multiple vulnerabilities
2013-03-08 mozilla -- Use-after-free in HTML Editor
2013-03-08 chromium -- WebKit vulnerability
2013-03-06 firebird -- Remote Stack Buffer Overflow
2013-03-06 typo3 -- Multiple vulnerabilities in TYPO3 Core
2013-03-06 chromium -- multiple vulnerabilities
2013-03-03 stunnel -- Remote Code Execution
2013-03-02 apache22 -- several vulnerabilities
2013-03-01 sudo -- Authentication bypass when clock is reset
2013-03-01 sudo -- Potential bypass of tty_tickets constraints
2013-02-28 rubygem-dragonfly -- arbitrary code execution
2013-02-27 linux-flashplugin -- multiple vulnerabilities
2013-02-25 otrs -- XSS vulnerability could lead to remote code execution
2013-02-25 otrs -- XSS vulnerability in Firefox and Opera could lead to remote code execution
2013-02-25 otrs -- XSS vulnerability in Internet Explorer could lead to remote code execution
2013-02-24 ruby -- DoS vulnerability in REXML
2013-02-24 rubygem-ruby_parser -- insecure tmp file usage
2013-02-24 django -- multiple vulnerabilities
2013-02-22 chromium -- multiple vulnerabilities
2013-02-22 krb5 -- null pointer dereference in the KDC PKINIT code [CVE-2013-1415]
2013-02-21 FreeBSD -- glob(3) related resource exhaustion
2013-02-21 FreeBSD -- BIND remote DoS with deliberately crafted DNS64 query
2013-02-21 drupal7 -- Denial of service
2013-02-20 nss-pam-ldapd -- file descriptor buffer overflow
2013-02-20 bugzilla -- multiple vulnerabilities
2013-02-19 mozilla -- multiple vulnerabilities
2013-02-17 Ruby Rack Gem -- Multiple Issues
2013-02-17 Ruby Activemodel Gem -- Circumvention of attr_protected
2013-02-17 jenkins -- multiple vulnerabilities
2013-02-16 poweradmin -- multiple XSS vulnerabilities
2013-02-16 Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON
2013-02-16 Ruby -- XSS exploit of RDoc documentation generated by rdoc
2013-02-08 linux-flashplugin -- multiple vulnerabilities
2013-02-06 OpenSSL -- TLS 1.1, 1.2 denial of service
2013-02-01 mysql/mariadb/percona server -- multiple vulnerabilities
2013-02-01 opera -- execution of arbitrary code
2013-01-30 upnp -- multiple vulnerabilities
2013-01-29 wordpress -- multiple vulnerabilities
2013-01-25 django-cms -- XSS Vulnerability
2013-01-23 chromium -- multiple vulnerabilities
2013-01-20 drupal -- multiple vulnerabilities
2013-01-16 ettercap -- buffer overflow in target list parsing
2013-01-14 java 7.x -- security manager bypass
2013-01-11 chromium -- multiple vulnerabilities
2013-01-10 nagios -- buffer overflow in history.cgi
2013-01-09 mozilla -- multiple vulnerabilities
2013-01-08 rubygem-rails -- multiple vulnerabilities
2013-01-08 jenkins -- HTTP access to the server to retrieve the master cryptographic key
2013-01-07 rubygem-rails -- SQL injection vulnerability
2013-01-06 django -- multiple vulnerabilities
2013-01-05 freetype -- Multiple vulnerabilities
2013-01-05 moinmoin -- Multiple vulnerabilities
2013-01-03 asterisk -- multiple vulnerabilities
2013-01-02 ircd-ratbox and charybdis -- remote DoS vulnerability
2012-12-30 puppet -- multiple vulnerabilities
2012-12-30 otrs -- XSS vulnerability
2012-12-30 otrs -- XSS vulnerability in Firefox and Opera
2012-12-30 otrs -- XSS vulnerability in Internet Explorer
2012-12-28 squid -- denial of service
2012-12-18 opera -- execution of arbitrary code
2012-12-14 linux-flashplugin -- multiple vulnerabilities
2012-12-12 chromium -- multiple vulnerabilities
2012-12-04 tomcat -- bypass of CSRF prevention filter
2012-12-04 tomcat -- denial of service
2012-12-04 tomcat -- bypass of security constraints
2012-12-04 dns/bind9* -- servers using DNS64 can be crashed by a crafted query
2012-12-03 bogofilter -- heap corruption by invalid base64 input
2012-11-30 chromium -- multiple vulnerabilities
2012-11-27 YUI JavaScript library -- JavaScript injection exploits in Flash components
2012-11-27 chromium -- multiple vulnerabilities
2012-11-24 FreeBSD -- Linux compatibility layer input validation error
2012-11-24 FreeBSD -- Insufficient message length validation for EAP-TLS messages
2012-11-24 FreeBSD -- Multiple Denial of Service vulnerabilities with named(8)
2012-11-22 opera -- execution of arbitrary code
2012-11-21 lighttpd -- remote DoS in header parsing
2012-11-20 mozilla -- multiple vulnerabilities
2012-11-18 weechat -- Arbitrary shell command execution via scripts
2012-11-14 bugzilla -- multiple vulnerabilities
2012-11-12 typo3 -- Multiple vulnerabilities in TYPO3 Core
2012-11-12 DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
2012-11-10 weechat -- Crash or freeze when decoding IRC colors in strings
2012-11-10 ruby -- Hash-flooding DoS vulnerability for ruby 1.9
2012-11-08 tomcat -- authentication weaknesses
2012-11-08 tomcat -- Denial of Service
2012-11-07 chromium -- multiple vulnerabilities
2012-11-06 opera -- multiple vulnerabilities
2012-11-02 linux-flashplugin -- multiple vulnerabilities
2012-11-02 linux-flashplugin -- multiple vulnerabilities
2012-11-02 apache22 -- several vulnerabilities
2012-11-02 webmin -- potential XSS attack via real name field
2012-11-01 ruby -- Unintentional file creation caused by inserting an illegal NUL character
2012-11-01 ruby -- $SAFE escaping vulnerability about Exception#to_s/NameError#to_s
2012-11-01 RT -- Multiple Vulnerabilities
2012-10-31 drupal7 -- multiple vulnerabilities
2012-10-27 mozilla -- multiple vulnerabilities
2012-10-26 Exim -- remote code execution
2012-10-24 django -- multiple vulnerabilities
2012-10-22 Wireshark -- Multiple Vulnerabilities
2012-10-17 xlockmore -- local exploit
2012-10-17 xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled
2012-10-16 Zend Framework -- Multiple vulnerabilities via XXE injection
2012-10-15 gitolite -- path traversal vulnerability
2012-10-14 phpMyAdmin -- Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack
2012-10-10 chromium -- multiple vulnerabilities
2012-10-10 mozilla -- multiple vulnerabilities
2012-10-10 dns/bind9* -- crash on deliberately constructed combination of records
2012-10-08 chromium -- multiple vulnerabilities
2012-09-27 OpenX -- SQL injection vulnerability
2012-09-26 chromium -- multiple vulnerabilities
2012-09-26 eperl -- Remote code execution
2012-09-20 ImageMagick and GraphicsMagick -- DoS via specially crafted PNG file
2012-09-19 php5-sqlite -- open_basedir bypass
2012-09-19 php5 -- Denial of Service in php_date_parse_tzfile()
2012-09-18 dns/bind9* -- Several vulnerabilities
2012-09-17 jenkins -- multiple vulnerabilities
2012-09-15 vlc -- arbitrary code execution in Real RTSP and MMS support
2012-09-15 bacula -- Console ACL Bypass
2012-09-12 mod_pagespeed -- multiple vulnerabilities
2012-09-11 freeradius -- arbitrary code execution for TLS-based authentication
2012-09-08 emacs -- remote code execution vulnerability
2012-09-07 wordpress -- multiple unspecified privilege escalation bugs
2012-09-05 moinmoin -- cross-site scripting via RST parser
2012-09-05 moinmoin -- wrong processing of group membership
2012-09-05 php5 -- header splitting attack via carriage-return character
2012-09-02 bitcoin -- denial of service
2012-09-01 bugzilla -- multiple vulnerabilities
2012-09-01 GNU gatekeeper -- denial of service
2012-09-01 mediawiki -- multiple vulnerabilities
2012-08-31 wireshark -- denial of service in DRDA dissector
2012-08-30 chromium -- multiple vulnerabilities
2012-08-30 asterisk -- multiple vulnerabilities
2012-08-30 mozilla -- multiple vulnerabilities
2012-08-30 coppermine -- Multiple vulnerabilities
2012-08-30 Java 1.7 -- security manager bypass
2012-08-30 fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
2012-08-27 roundcube -- cross-site scripting in HTML email messages
2012-08-26 Calligra, KOffice -- input validation failure
2012-08-25 squidclamav -- cross-site scripting in default virus warning pages
2012-08-25 squidclamav -- Denial of Service
2012-08-25 inn -- plaintext command injection into encrypted channel
2012-08-23 jabberd -- domain spoofing in server dialback protocol
2012-08-22 rssh -- configuration restrictions bypass
2012-08-22 rssh -- arbitrary command execution
2012-08-18 libotr -- buffer overflows
2012-08-18 OpenTTD -- Denial of Service
2012-08-18 Wireshark -- Multiple vulnerabilities
2012-08-17 databases/postgresql*-server -- multiple vulnerabilities
2012-08-17 phpMyAdmin -- Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages
2012-08-15 typo3 -- Multiple vulnerabilities in TYPO3 Core
2012-08-14 fetchmail -- two vulnerabilities in NTLM authentication
2012-08-13 Several vulnerabilities found in IcedTea-Web
2012-08-11 libcloud -- possible SSL MITM due to invalid regexp used to validate target server hostname
2012-08-11 phpMyAdmin -- Path disclosure due to missing library
2012-08-10 chromium -- multiple vulnerabilities
2012-08-10 chromium -- multiple vulnerabilities
2012-08-10 www/chromium -- multiple vulnerabilities
2012-08-10 rubygem-rails -- multiple vulnerabilities
2012-08-09 sudosh -- buffer overflow
2012-08-07 FreeBSD -- named(8) DNSSEC validation Denial of Service
2012-08-06 automake -- Insecure 'distcheck' recipe granted world-writable distdir
2012-08-02 mozilla -- multiple vulnerabilities
2012-08-01 Apache -- Insecure LD_LIBRARY_PATH handling
2012-07-31 django -- multiple vulnerabilities
2012-07-27 bugzilla -- multiple vulnerabilities
2012-07-27 nsd -- Denial of Service
2012-07-26 rubygem-actionpack -- Denial of Service
2012-07-26 p5-RT-Authen-ExternalAuth -- privilege escalation
2012-07-25 isc-dhcp -- multiple vulnerabilities
2012-07-24 dns/bind9* -- Heavy DNSSEC Validation Load Can Cause a 'Bad Cache' Assertion Failure
2012-07-23 rubygem-activerecord -- multiple vulnerabilities
2012-07-23 php -- potential overflow in _php_stream_scandir
2012-07-20 dns/nsd -- DoS vulnerability from non-standard DNS packet
2012-07-18 libjpeg-turbo -- heap-based buffer overflow
2012-07-18 Dokuwiki -- cross site scripting vulnerability
2012-07-10 puppet -- multiple vulnerabilities
2012-07-06 asterisk -- multiple vulnerabilities
2012-07-06 typo3 -- Cross-Site Scripting Vulnerability in TYPO3 Core
2012-07-02 phpList -- SQL injection and XSS vulnerability
2012-06-27 chromium -- multiple vulnerabilities
2012-06-27 FreeBSD -- Privilege escalation when returning from kernel
2012-06-27 FreeBSD -- Incorrect handling of zero-length RDATA fields in named(8)
2012-06-27 FreeBSD -- Incorrect crypt() hashing
2012-06-27 FreeBSD -- OpenSSL multiple vulnerabilities
2012-06-24 pycrypto -- vulnerable ElGamal key generation
2012-06-19 joomla -- Privilege Escalation
2012-06-16 clamav -- multiple vulnerabilities
2012-06-14 asterisk -- remote crash vulnerability
2012-06-14 ImageMagick -- multiple vulnerabilities
2012-06-12 mantis -- multiple vulnerabilities
2012-06-09 linux-flashplugin -- multiple vulnerabilities
2012-06-05 mozilla -- multiple vulnerabilities
2012-06-05 quagga -- BGP OPEN denial of service vulnerability
2012-06-05 mail/sympa* -- Multiple vulnerabilities in Sympa archive management
2012-06-04 dns/bind9* -- zero-length RDATA can cause named to terminate, reveal memory
2012-05-30 databases/postgresql*-server -- crypt vulnerabilities
2012-05-30 nut -- upsd can be remotely crashed
2012-05-29 asterisk -- multiple vulnerabilities
2012-05-28 chromium -- multiple vulnerabilities
2012-05-24 haproxy -- buffer overflow
2012-05-23 RT -- Multiple Vulnerabilities
2012-05-21 sympa -- Multiple Security Bypass Vulnerabilities
2012-05-21 foswiki -- Script Insertion Vulnerability via unchecked user registration fields
2012-05-18 libxml2 -- An off-by-one out-of-bounds write by XPointer
2012-05-17 inspircd -- buffer overflow
2012-05-16 pidgin-otr -- format string vulnerability
2012-05-16 sudo -- netmask vulnerability
2012-05-15 chromium -- multiple vulnerabilities
2012-05-14 socat -- Heap-based buffer overflow
2012-05-12 php -- multiple vulnerabilities
2012-05-12 libpurple -- Invalid memory dereference in the XMPP protocol plug-in by processing a series of specially-crafted file transfer requests
2012-05-12 PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability
2012-05-10 OpenSSL -- DTLS and TLS 1.1, 1.2 denial of service
2012-05-10 NVIDIA UNIX driver -- access to arbitrary system memory
2012-05-09 rubygem-mail -- multiple vulnerabilities
2012-05-07 node -- private information disclosure
2012-05-07 p5-Config-IniFiles -- unsafe temporary file creation
2012-05-05 php -- vulnerability in certain CGI-based setups
2012-05-02 WebCalendar -- multiple vulnerabilities
2012-05-01 chromium -- multiple vulnerabilities
2012-04-30 samba -- incorrect permission checks vulnerability
2012-04-30 portupgrade-devel -- lack of distfile checksums
2012-04-28 php -- multiple vulnerabilities
2012-04-27 net-snmp -- Remote DoS
2012-04-24 mozilla -- multiple vulnerabilities
2012-04-23 Dokuwiki -- cross site scripting vulnerability
2012-04-23 asterisk -- multiple vulnerabilities
2012-04-23 wordpress -- multiple vulnerabilities
2012-04-21 OpenSSL -- integer conversions result in memory corruption
2012-04-21 bugzilla -- multiple vulnerabilities
2012-04-18 typo -- Cross-Site Scripting
2012-04-16 nginx -- Buffer overflow in the ngx_http_mp4_module
2012-04-14 phpmyfaq -- Remote PHP Code Execution Vulnerability
2012-04-10 puppet -- Multiple Vulnerabilities
2012-04-10 samba -- "root" credential remote code execution
2012-04-10 bugzilla Cross-Site Request Forgery
2012-04-10 linux-flashplugin -- multiple vulnerabilities
2012-04-08 png -- memory corruption/possible remote code execution
2012-04-06 freetype -- multiple vulnerabilities
2012-04-06 mutt-devel -- failure to check SMTP TLS server certificate
2012-04-05 chromium -- multiple vulnerabilities
2012-04-01 libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding
2012-03-28 phpMyAdmin -- Path disclosure due to missing verification of file presence
2012-03-28 chromium -- multiple vulnerabilities
2012-03-25 raptor/raptor2 -- XXE in RDF/XML File Interpretation
2012-03-24 quagga -- multiple vulnerabilities
2012-03-24 Apache Traffic Server -- heap overflow vulnerability
2012-03-22 chromium -- multiple vulnerabilities
2012-03-21 libtasn1 -- ASN.1 length decoding vulnerability
2012-03-21 gnutls -- possible overflow/Denial of service vulnerabilities
2012-03-15 asterisk -- multiple vulnerabilities
2012-03-15 OpenSSL -- CMS and S/MIME Bleichenbacher attack
2012-03-15 nginx -- potential information leak
2012-03-14 mozilla -- multiple vulnerabilities
2012-03-11 portaudit -- auditfile remote code execution
2012-03-11 chromium -- Errant plug-in load and GPU process memory corruption
2012-03-09 linux-flashplugin -- multiple vulnerabilities
2012-03-09 chromium -- cross-site scripting vulnerability
2012-03-07 jenkins -- XSS vulnerability
2012-03-05 chromium -- multiple vulnerabilities
2012-03-04 dropbear -- arbitrary code execution
2012-03-02 openx -- undisclosed security issue
2012-02-28 databases/postgresql*-client -- multiple vulnerabilities
2012-02-27 linux-flashplugin -- multiple vulnerabilities
2012-02-27 libxml2 -- heap buffer overflow
2012-02-19 plib -- remote code execution via buffer overflow
2012-02-18 phpMyAdmin -- XSS in replication setup
2012-02-17 mozilla -- heap-buffer overflow
2012-02-16 piwik -- xss and click-jacking issues
2012-02-15 chromium -- multiple vulnerabilities
2012-02-14 Python -- DoS via malformed XML-RPC / HTTP POST request
2012-02-12 WebCalendar -- Persistent XSS
2012-02-11 mozilla -- use after free in nsXBLDocumentInfo::ReadPrototypeBindings
2012-02-11 bip -- buffer overflow
2012-02-11 surf -- private information disclosure
2012-02-10 glpi -- remote attack via crafted POST request
2012-02-09 chromium -- multiple vulnerabilities
2012-02-07 drupal -- multiple vulnerabilities
2012-02-06 bugzilla -- multiple vulnerabilities
2012-02-04 php -- arbitrary remote code execution vulnerability
2012-02-03 mathopd -- directory traversal vulnerability
2012-02-01 mozilla -- multiple vulnerabilities
2012-01-31 apache -- multiple vulnerabilities
2012-01-30 sudo -- format string vulnerability
2012-01-29 FreeBSD -- pam_ssh() does not validate service names
2012-01-29 FreeBSD -- pam_ssh improperly grants access when user account has unencrypted SSH private keys
2012-01-29 FreeBSD -- Buffer overflow in handling of UNIX socket addresses
2012-01-29 FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1)
2012-01-29 FreeBSD -- Network ACL mishandling in mountd(8)
2012-01-27 postfixadmin -- Multiple Vulnerabilities
2012-01-26 mpack -- Information disclosure
2012-01-26 acroread9 -- Multiple Vulnerabilities
2012-01-24 chromium -- multiple vulnerabilities
2012-01-23 Wireshark -- Multiple vulnerabilities
2012-01-23 spamdyke -- Buffer Overflow Vulnerabilities
2012-01-20 OpenSSL -- DTLS Denial of Service
2012-01-20 asterisk -- SRTP Video Remote Crash Vulnerability
2012-01-17 tomcat -- Denial of Service
2012-01-16 OpenTTD -- Denial of service (server) via slow read attack
2012-01-16 Multiple implementations -- DoS via hash algorithm collision
2012-01-14 ffmpeg -- multiple vulnerabilities
2012-01-14 OpenSSL -- multiple vulnerabilities
2012-01-13 isc-dhcp-server -- DoS in DHCPv6
2012-01-12 PowerDNS -- Denial of Service Vulnerability
2012-01-11 php -- multiple vulnerabilities
2012-01-09 torcs -- untrusted local library loading
2012-01-08 spamdyke -- STARTTLS Plaintext Injection Vulnerability
2012-01-06 chromium -- multiple vulnerabilities
2012-01-05 bugzilla -- multiple vulnerabilities
2012-01-03 WordPress -- cross site scripting vulnerability
2011-12-29 zabbix-frontend -- multiple XSS vulnerabilities
2011-12-28 lighttpd -- remote DoS in HTTP authentication
2011-12-26 krb5-appl -- telnetd code execution vulnerability
2011-12-23 proftpd -- arbitrary code execution vulnerability with chroot
2011-12-22 phpMyAdmin -- Multiple XSS
2011-12-21 mozilla -- multiple vulnerabilities
2011-12-19 unbound -- denial of service vulnerabilities from nonstandard redirection and denial of existence
2011-12-18 typo3 -- Remote Code Execution
2011-12-14 krb5 -- KDC null pointer dereference in TGS handling
2011-12-13 opera -- multiple vulnerabilities
2011-12-13 chromium -- multiple vulnerabilities
2011-12-12 PuTTY -- Password vulnerability
2011-12-09 asterisk -- Multiple Vulnerabilities
2011-12-07 isc-dhcp-server -- Remote DoS
2011-12-01 phpMyAdmin -- Multiple XSS
2011-11-18 hiawatha -- memory leak in PreventSQLi routine
2011-11-16 BIND -- Remote DOS
2011-11-14 Apache 1.3 -- mod_proxy reverse proxy exposure
2011-11-14 kdeutils4 -- Directory traversal vulnerability
2011-11-13 Apache APR -- DoS vulnerabilities
2011-11-12 phpmyadmin -- Local file inclusion
2011-11-11 linux-flashplugin -- multiple vulnerabilities
2011-11-10 libxml -- Integer overflow
2011-11-10 libxml -- Multiple use-after-free vulnerabilities
2011-11-10 libxml -- Stack consumption vulnerability
2011-11-10 gnutls -- client session resumption vulnerability
2011-11-08 mozilla -- multiple vulnerabilities
2011-11-06 caml-light -- insecure use of temporary files
2011-11-01 freetype -- Some type 1 fonts handling vulnerabilities
2011-10-26 cacti -- Multiple vulnerabilities
2011-10-26 phpmyfaq -- Remote PHP Code Injection Vulnerability
2011-10-24 phpLDAPadmin -- Remote PHP code injection vulnerability
2011-10-23 kdelibs4, rekonq -- input validation failure
2011-10-20 piwik -- unknown critical vulnerabilities
2011-10-18 Xorg server -- two vulnerabilities in X server lock handling code
2011-10-17 asterisk -- remote crash vulnerability in SIP channel driver
2011-10-17 PivotX -- Remote File Inclusion Vulnerability of TimThumb
2011-10-16 OpenTTD -- Multiple buffer overflows in validation of external data
2011-10-16 OpenTTD -- Buffer overflows in savegame loading
2011-10-16 OpenTTD -- Denial of service via improperly validated commands
2011-10-05 quagga -- multiple vulnerabilities
2011-09-28 Mozilla -- multiple vulnerabilities
2011-09-22 linux-flashplugin -- multiple vulnerabilities
2011-09-14 phpMyAdmin -- multiple XSS vulnerabilities
2011-09-13 django -- multiple vulnerabilities
2011-09-13 roundcube -- XSS vulnerability
2011-09-12 libsndfile -- PAF file processing integer overflow
2011-09-07 OpenSSL -- multiple vulnerabilities
2011-09-05 XSS issue in MantisBT
2011-09-04 security/cfs -- buffer overflow
2011-09-04 ca_root_nss -- extraction of explicitly-untrusted certificates into trust bundle
2011-09-03 nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl
2011-08-30 apache -- Range header DoS vulnerability
2011-08-26 stunnel -- heap corruption vulnerability
2011-08-24 phpMyAdmin -- multiple XSS vulnerabilities
2011-08-23 PHP -- crypt() returns only the salt for MD5
2011-08-20 php -- multiple vulnerabilities
2011-08-19 rubygem-rails -- multiple vulnerabilities
2011-08-19 dovecot -- denial of service vulnerability
2011-08-18 OTRS -- Vulnerabilities in OTRS-Core allows read access to any file on local file system
2011-08-16 mozilla -- multiple vulnerabilities
2011-08-16 Samba -- cross site scripting and request forgery vulnerabilities
2011-08-13 isc-dhcp-server -- server halt upon processing certain packets
2011-08-13 bugzilla -- multiple vulnerabilities
2011-08-13 dtc -- multiple vulnerabilities
2011-08-11 libXfont -- possible local privilege escalation
2011-08-11 freetype2 -- execute arbitrary code or cause denial of service
2011-08-10 linux-flashplugin -- multiple vulnerabilities
2011-07-28 libsoup -- unintentionally allow access to entire local filesystem
2011-07-25 opensaml2 -- unauthenticated login
2011-07-24 phpmyadmin -- multiple vulnerabilities
2011-07-20 rsync -- incremental recursion memory corruption vulnerability
2011-07-05 BIND -- Remote DoS against authoritative and recursive servers
2011-07-05 BIND -- Remote DoS with certain RPZ configurations
2011-07-03 phpmyadmin -- multiple vulnerabilities
2011-06-25 Asterisk -- multiple vulnerabilities
2011-06-24 ejabberd -- remote denial of service vulnerability
2011-06-21 mozilla -- multiple vulnerabilities
2011-06-21 Samba -- Denial of service - memory corruption
2011-06-21 Piwik -- remote command execution vulnerability
2011-06-20 Dokuwiki -- cross site scripting vulnerability
2011-06-15 linux-flashplugin -- remote code execution vulnerability
2011-06-15 ikiwiki -- tty hijacking via ikiwiki-mass-rebuild
2011-06-08 linux-flashplugin -- cross-site scripting vulnerability
2011-06-06 fetchmail -- STARTTLS denial of service
2011-06-04 BIND -- Large RRSIG RRsets and Negative Caching DoS
2011-06-02 asterisk -- Remote crash vulnerability
2011-06-02 Subversion -- multiple vulnerabilities
2011-05-26 drupal6 -- multiple vulnerabilities
2011-05-25 Erlang -- ssh library uses a weak random number generator
2011-05-25 Unbound -- an empty error packet handling assertion failure
2011-05-23 Pubcookie Login Server -- XSS vulnerability
2011-05-23 mod_pubcookie -- Empty Authentication Security Advisory
2011-05-23 ViewVC -- user-reachable override of cvsdb row limit
2011-05-23 Apache APR -- DoS vulnerabilities
2011-05-23 linux-flashplugin -- multiple vulnerabilities
2011-05-23 Opera -- code injection vulnerability through broken frameset handling
2011-05-23 pureftpd -- multiple vulnerabilities
2011-05-14 Exim -- remote code execution and information disclosure
2011-05-13 Zend Framework -- potential SQL injection when using PDO_MySql
2011-05-12 Apache APR -- DoS vulnerabilities
2011-05-12 mediawiki -- multiple vulnerabilities
2011-05-09 Postfix -- memory corruption vulnerability
2011-04-29 Mozilla -- multiple vulnerabilities
2011-04-21 Asterisk -- multiple vulnerabilities
2011-04-17 VLC -- Heap corruption in MP4 demultiplexer
2011-04-17 linux-flashplugin -- remote code execution vulnerability
2011-04-17 rt -- multiple vulnerabilities
2011-04-14 krb5 -- MITKRB5-SA-2011-004, kadmind invalid pointer free() [CVE-2011-0285]
2011-04-14 krb5 -- MITKRB5-SA-2011-003, KDC vulnerable to double-free when PKINIT enabled
2011-04-14 krb5 -- MITKRB5-SA-2011-002, KDC vulnerable to hang when using LDAP back end
2011-04-14 krb5 -- MITKRB5-SA-2011-001, kpropd denial of service
2011-04-14 xrdb -- root hole via rogue hostname
2011-04-12 OTRS -- Several XSS attacks possible
2011-04-10 isc-dhcp-client -- dhclient does not strip or escape shell meta-characters
2011-04-08 tinyproxy -- ACL lists ineffective when range is configured
2011-04-01 quagga -- two DoS vulnerabilities
2011-03-29 gdm -- privilege escalation vulnerability
2011-03-25 php -- ZipArchive segfault with FL_UNCHANGED on empty archive
2011-03-25 php -- crash on crafted tag in exif
2011-03-24 linux-flashplugin -- remote code execution vulnerability
2011-03-24 mozilla -- update to HTTPS certificate blacklist
2011-03-19 postfix -- plaintext command injection with SMTP over TLS
2011-03-17 hiawatha -- integer overflow in Content-Length header parsing
2011-03-16 asterisk -- Multiple Vulnerabilities
2011-03-13 avahi -- denial of service
2011-03-10 mailman -- XSS vulnerability
2011-03-07 redmine -- XSS vulnerability
2011-03-05 subversion -- remote HTTP DoS vulnerability
2011-03-01 mozilla -- multiple vulnerabilities
2011-02-25 openldap -- two security bypass vulnerabilities
2011-02-22 asterisk -- Exploitable Stack and Heap Array Overflows
2011-02-20 PivotX -- administrator password reset vulnerability
2011-02-15 tomcat -- Cross-site scripting vulnerability
2011-02-11 phpMyAdmin -- multiple vulnerabilities
2011-02-11 linux-flashplugin -- multiple vulnerabilities
2011-02-10 mupdf -- Remote System Access
2011-02-10 rubygem-mail -- Remote Arbitrary Shell Command Injection Vulnerability
2011-02-10 plone -- Remote Security Bypass
2011-02-10 exim -- local privilege escalation
2011-02-10 openoffice.org -- Multiple vulnerabilities
2011-02-10 webkit-gtk2 -- Multiple vulnerabilities
2011-02-10 awstats -- arbitrary commands execution vulnerability
2011-02-10 opera -- multiple vulnerabilities
2011-02-09 django -- multiple vulnerabilities
2011-02-09 mediawiki -- multiple vulnerabilities
2011-02-05 wordpress -- SQL injection vulnerability
2011-02-02 vlc -- Insufficient input validation in MKV demuxer
2011-01-31 maradns -- denial of service when resolving a long DNS hostname
2011-01-28 isc-dhcp-server -- DHCPv6 crash
2011-01-25 bugzilla -- multiple serious vulnerabilities
2011-01-24 dokuwiki -- multiple privilege escalation vulnerabilities
2011-01-19 asterisk -- Exploitable Stack Buffer Overflow
2011-01-19 tarsnap -- cryptographic nonce reuse
2011-01-17 tor -- remote code execution and crash
2011-01-13 sudo -- local privilege escalation
2011-01-13 subversion -- multiple DoS
2011-01-13 php-zip -- multiple Denial of Service vulnerabilities
2011-01-13 php-filter -- Denial of Service
2011-01-13 php-imap -- Denial of Service
2011-01-13 pecl-phar -- format string vulnerability
2011-01-13 php -- NULL byte poisoning
2011-01-13 php -- open_basedir bypass
2011-01-13 php -- corruption of $GLOBALS and $this variables via extract() method
2011-01-11 MoinMoin -- cross-site scripting vulnerabilities
2011-01-09 php -- multiple vulnerabilities
2011-01-08 exim -- local privilege escalation
2011-01-06 mediawiki -- Clickjacking vulnerabilities
2010-12-30 webkit-gtk2 -- Multiple vulnerabilities
2010-12-29 django -- multiple vulnerabilities
2010-12-28 Drupal Views plugin -- cross-site scripting
2010-12-23 redmine -- multiple vulnerabilities
2010-12-22 tor -- remote crash and potential remote code execution
2010-12-15 YUI JavaScript library -- JavaScript injection exploits in Flash components
2010-12-10 mozilla -- multiple vulnerabilities
2010-12-09 krb5 -- client impersonation vulnerability
2010-12-09 krb5 -- RFC 3961 key-derivation checksum handling vulnerability
2010-12-09 krb5 -- unkeyed PAC checksum handling vulnerability
2010-12-09 krb5 -- multiple checksum handling vulnerabilities
2010-12-09 krb5 -- multiple checksum handling vulnerabilities
2010-12-07 chromium -- multiple vulnerabilities
2010-12-04 proftpd -- Compromised source packages backdoor
2010-11-30 phpMyAdmin -- XSS attack in database search
2010-11-24 isc-dhcp-server -- Empty link-address denial of service
2010-11-23 OpenTTD -- Denial of service (server/client) via invalid read
2010-11-23 horde-base -- XSS: VCARD attachments vulnerability
2010-11-23 proftpd -- remote code execution vulnerability
2010-11-17 openssl -- TLS extension parsing race condition
2010-11-06 linux-flashplugin -- multiple vulnerabilities
2010-11-05 Wireshark -- DoS in the BER-based dissectors
2010-11-03 Mailman -- cross-site scripting in web interface
2010-11-03 OTRS -- Multiple XSS and denial of service vulnerabilities
2010-10-28 mozilla -- Heap buffer overflow mixing document.write and DOM insertion
2010-10-26 opera -- multiple vulnerabilities
2010-10-25 bzip2 -- integer overflow vulnerability
2010-10-24 FreeBSD -- Integer overflow in bzip2 decompression
2010-10-24 FreeBSD -- Lost mbuf flag resulting in data corruption
2010-10-24 FreeBSD -- Unvalidated input in nfsclient
2010-10-24 FreeBSD -- OPIE off-by-one stack overflow
2010-10-24 FreeBSD -- Insufficient environment sanitization in jail(8)
2010-10-24 FreeBSD -- ZFS ZIL playback with insecure permissions
2010-10-24 FreeBSD -- ntpd mode 7 denial of service
2010-10-24 FreeBSD -- BIND named(8) cache poisoning with DNSSEC validation
2010-10-24 FreeBSD -- Inappropriate directory permissions in freebsd-update(8)
2010-10-24 FreeBSD -- Improper environment sanitization in rtld(1)
2010-10-24 FreeBSD -- SSL protocol flaw
2010-10-24 monotone -- remote denial of service in default setup
2010-10-20 mozilla -- multiple vulnerabilities
2010-10-19 Webkit-gtk2 -- Multiple Vulnerabilities
2010-10-06 apr -- multiple vulnerabilities
2010-10-02 phpmyfaq -- cross site scripting vulnerabilities
2010-09-28 horde-gollem -- XSS vulnerability
2010-09-28 horde-imp -- XSS vulnerability
2010-09-28 horde-base -- XSS and CSRF vulnerabilities
2010-09-26 openx -- remote code execution vulnerability
2010-09-24 squid -- Denial of service vulnerability in request handling
2010-09-22 linux-flashplugin -- remote code execution
2010-09-17 django -- cross-site scripting vulnerability
2010-09-10 webkit-gtk2 -- Multiple vulnerabilities
2010-09-09 vim6 -- heap-based overflow while parsing shell metacharacters
2010-09-08 mozilla -- multiple vulnerabilities
2010-09-07 sudo -- Flaw in Runas group matching
2010-09-03 lftp -- multiple HTTP client download filename vulnerability
2010-09-03 wget -- multiple HTTP client download filename vulnerability
2010-08-31 p5-libwww -- possibility for remote servers to create a file with a .(dot) character
2010-08-25 quagga -- stack overflow and DoS vulnerabilities
2010-08-24 bugzilla -- information disclosure, denial of service
2010-08-22 OpenTTD -- Denial of service (server) via infinite loop
2010-08-21 corkscrew -- buffer overflow vulnerability
2010-08-21 phpmyadmin -- Several XSS vulnerabilities
2010-08-19 slim -- insecure PATH assignment
2010-08-17 ruby -- UTF-7 encoding XSS vulnerability in WEBrick
2010-08-14 vlc -- invalid id3v2 tags may lead to invalid memory dereferencing
2010-08-13 isolate -- local root exploit
2010-08-13 linux-flashplugin -- multiple vulnerabilities
2010-08-13 opera -- multiple vulnerabilities
2010-08-09 firefox -- Dangling pointer crash regression from plugin parameter array fix
2010-08-04 Piwik -- Local File Inclusion Vulnerability
2010-07-30 libmspack -- infinite loop denial of service
2010-07-26 apache -- Remote DoS bug in mod_cache and mod_dav
2010-07-23 git -- buffer overflow vulnerability
2010-07-21 codeigniter -- file upload class vulnerability
2010-07-21 mozilla -- multiple vulnerabilities
2010-07-18 vte -- Classic terminal title set+query attack
2010-07-18 webkit-gtk2 -- Multiple vulnerabilities
2010-07-10 redmine -- multiple vulnerabilities
2010-07-06 bogofilter -- heap underrun on malformed base64 input
2010-07-05 bugzilla -- information disclosure
2010-06-30 kvirc -- multiple vulnerabilities
2010-06-28 png -- libpng decompression buffer overflow
2010-06-28 moodle -- multiple vulnerabilities
2010-06-27 mDNSResponder -- corrupted stack crash when parsing bad resolv.conf
2010-06-25 opera -- Data URIs can be used to allow cross-site scripting
2010-06-24 cacti -- multiple vulnerabilities
2010-06-23 mozilla -- multiple vulnerabilities
2010-06-16 tiff -- Multiple integer overflows
2010-06-15 ziproxy -- security vulnerability in PNG decoder
2010-06-14 linux-flashplugin -- multiple vulnerabilities
2010-06-12 tiff -- buffer overflow vulnerability
2010-06-02 sudo -- Secure path vulnerability
2010-06-02 mediawiki -- two security vulnerabilities
2010-05-28 ziproxy -- atypical huge picture files vulnerability
2010-05-14 redmine -- multiple vulnerabilities
2010-05-07 wireshark -- DOCSIS dissector denial of service
2010-05-07 piwik -- cross site scripting vulnerability
2010-05-06 spamass-milter -- remote command execution vulnerability
2010-05-05 mediawiki -- authenticated CSRF vulnerability
2010-05-05 lxr -- multiple XSS vulnerabilities
2010-05-01 vlc -- unintended code execution with specially crafted data
2010-04-26 joomla -- multiple vulnerabilities
2010-04-24 cacti -- SQL injection and command execution vulnerabilities
2010-04-24 moodle -- multiple vulnerabilities
2010-04-24 tomcat -- information disclosure vulnerability
2010-04-21 krb5 -- KDC double free vulnerability
2010-04-20 e107 -- code execution and XSS vulnerabilities
2010-04-20 fetchmail -- denial of service vulnerability
2010-04-20 pidgin -- multiple remote denial of service vulnerabilities
2010-04-20 png -- libpng decompression denial of service
2010-04-19 curl -- libcurl buffer overflow vulnerability
2010-04-19 ejabberd -- queue overload denial of service vulnerability
2010-04-19 irssi -- multiple vulnerabilities
2010-04-19 krb5 -- multiple denial of service vulnerabilities
2010-04-18 krb5 -- remote denial of service vulnerability
2010-04-18 mahara -- sql injection vulnerability
2010-04-15 sudo -- Privilege escalation with sudoedit
2010-04-14 KDM -- local privilege escalation vulnerability
2010-04-06 dojo -- cross-site scripting and other vulnerabilities
2010-04-06 Zend Framework -- security issues in bundled Dojo library
2010-04-05 firefox -- Re-use of freed object due to scope confusion
2010-03-30 mozilla -- multiple vulnerabilities
2010-03-25 postgresql -- bitsubstr overflow
2010-03-24 gtar -- buffer overflow in rmt client
2010-03-23 firefox -- WOFF heap corruption due to integer overflow
2010-03-19 mozilla -- multiple vulnerabilities
2010-03-11 egroupware -- two vulnerabilities
2010-03-08 drupal -- multiple vulnerabilities
2010-03-01 sudo -- Privilege escalation with sudoedit
2010-02-25 openoffice.org -- multiple vulnerabilities
2010-02-18 mozilla -- multiple vulnerabilities
2010-02-16 lighttpd -- denial of service vulnerability
2010-02-14 squid -- Denial of Service vulnerability in HTCP
2010-02-13 linux-flashplugin -- multiple vulnerabilities
2010-02-13 gnome-screensaver -- Multiple monitor hotplug issues
2010-02-12 fetchmail -- heap overflow on verbose X.509 display
2010-02-10 wireshark -- LWRES vulnerability
2010-02-08 otrs -- SQL injection
2010-02-03 apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long)
2010-02-01 squid -- Denial of Service vulnerability in DNS handling
2010-02-01 bugzilla -- information leak
2010-01-28 irc-ratbox -- multiple vulnerabilities
2010-01-18 dokuwiki -- multiple vulnerabilities
2010-01-11 Zend Framework -- multiple vulnerabilities
2010-01-09 powerdns-recursor -- multiple vulnerabilities
2010-01-04 PEAR -- Net_Ping and Net_Traceroute remote arbitrary command injection
2009-12-25 drupal -- multiple cross-site scripting
2009-12-21 fuser -- missing user's privileges check
2009-12-21 monkey -- improper input validation vulnerability
2009-12-17 php -- multiple vulnerabilities
2009-12-17 postgresql -- multiple vulnerabilities
2009-12-17 tptest -- pwd Remote Stack Buffer Overflow
2009-12-16 mozilla -- multiple vulnerabilities
2009-12-14 freeradius -- remote packet of death vulnerability
2009-12-12 pligg -- Cross-Site Scripting and Cross-Site Request Forgery
2009-12-11 piwik -- php code execution
2009-12-10 dovecot -- Insecure directory permissions
2009-12-09 linux-flashplugin -- multiple vulnerabilities
2009-12-09 ruby -- heap overflow vulnerability
2009-12-09 rt -- Session fixation vulnerability
2009-12-08 expat2 -- Parser crash with specially formatted UTF-8 sequences
2009-12-08 expat2 -- buffer over-read and crash
2009-12-01 opera -- multiple vulnerabilities
2009-11-28 libtool -- Library Search Path Privilege Escalation Issue
2009-11-24 libvorbis -- multiple vulnerabilities
2009-11-23 bugzilla -- information leak
2009-11-23 cacti -- cross-site scripting issues
2009-11-14 wordpress -- multiple vulnerabilities
2009-11-06 p5-HTML-Parser -- denial of service
2009-11-05 gd -- '_gdGetColors' remote buffer overflow vulnerability
2009-11-05 typo3 -- multiple vulnerabilities in TYPO3 Core
2009-11-03 vlc -- stack overflow in MPA, AVI and ASF demuxer
2009-11-02 KDE -- multiple vulnerabilities
2009-10-31 opera -- multiple vulnerabilities
2009-10-28 Enhanced cTorrent -- stack-based overflow
2009-10-28 mozilla -- multiple vulnerabilities
2009-10-25 elinks -- buffer overflow vulnerability
2009-10-22 squidGuard -- multiple vulnerabilities
2009-10-20 Xpdf -- Multiple Vulnerabilities
2009-10-16 django -- denial-of-service attack
2009-10-13 phpmyadmin -- XSS and SQL injection vulnerabilities
2009-10-12 php5 -- Multiple security issues
2009-10-07 virtualbox -- privilege escalation
2009-10-06 FreeBSD -- Devfs / VFS NULL pointer race condition
2009-10-06 FreeBSD -- kqueue pipe race conditions
2009-09-30 mybb -- multiple vulnerabilities
2009-09-22 drupal -- multiple vulnerabilities
2009-09-18 fwbuilder -- security issue in temporary file handling
2009-09-17 bugzilla -- two SQL injections, sensitive data exposure
2009-09-14 horde-base -- multiple vulnerabilities
2009-09-14 nginx -- remote denial of service vulnerability
2009-09-13 ikiwiki -- insufficient blacklisting in teximg plugin
2009-09-13 xapian-omega -- cross-site scripting vulnerability
2009-09-10 mozilla firefox -- multiple vulnerabilities
2009-09-09 cyrus-imapd -- Potential buffer overflow in Sieve
2009-09-08 silc-toolkit -- Format string vulnerabilities
2009-09-04 opera -- multiple vulnerabilities
2009-09-02 dnsmasq -- TFTP server remote code injection vulnerability
2009-08-25 apache22 -- several vulnerabilities
2009-08-20 pidgin -- MSN overflow parsing SLP messages
2009-08-17 GnuTLS -- multiple vulnerabilities
2009-08-17 GnuTLS -- improper SSL certificate verification
2009-08-17 memcached -- memcached stats maps Information Disclosure Weakness
2009-08-12 wordpress -- remote admin password reset vulnerability
2009-08-11 fetchmail -- improper SSL certificate subject verification
2009-08-07 joomla15 -- com_mailto Timeout Issue
2009-08-06 subversion -- heap overflow vulnerability
2009-08-05 bugzilla -- product name information leak
2009-08-04 mozilla -- multiple vulnerabilities
2009-08-04 silc-client -- Format string vulnerability
2009-08-02 SquirrelMail -- Plug-ins compromise
2009-08-01 BIND -- Dynamic update message remote DoS
2009-07-29 mono -- XML signature HMAC truncation spoofing
2009-07-27 squid -- several remote denial of service vulnerabilities
2009-07-17 mozilla -- corrupt JIT state after deep return from native function
2009-07-15 isc-dhcp-client -- Stack overflow vulnerability
2009-07-13 drupal -- multiple vulnerabilities
2009-07-03 nfsen -- remote command execution
2009-06-30 phpmyadmin -- XSS vulnerability
2009-06-30 nagios -- Command Injection Vulnerability
2009-06-23 tor-devel -- DNS resolution vulnerability
2009-06-16 cscope -- multiple buffer overflows
2009-06-16 cscope -- buffer overflow
2009-06-16 joomla -- multiple vulnerabilities
2009-06-16 pidgin -- multiple vulnerabilities
2009-06-15 git -- denial of service vulnerability
2009-06-13 ruby -- BigDecimal denial of service vulnerability
2009-06-12 mozilla -- multiple vulnerabilities
2009-06-08 apr -- multiple vulnerabilities
2009-06-04 dokuwiki -- Local File Inclusion with register_globals on
2009-05-30 openssl -- denial of service in DTLS implementation
2009-05-30 eggdrop -- denial of service vulnerability
2009-05-30 wireshark -- PCNFSD Dissector Denial of Service Vulnerability
2009-05-30 libsndfile -- multiple vulnerabilities
2009-05-30 slim -- local disclosure of X authority magic cookie
2009-05-21 imap-uw -- University of Washington IMAP c-client Remote Format String Vulnerability
2009-05-20 ntp -- stack-based buffer overflow
2009-05-19 nsd -- buffer overflow vulnerability
2009-05-17 libxine -- multiple vulnerabilities
2009-05-17 libxine -- multiple vulnerabilities
2009-05-16 php -- ini database truncation inside dba_replace() function
2009-05-16 libwmf -- embedded GD library Use-After-Free vulnerability
2009-05-16 libwmf -- integer overflow vulnerability
2009-05-16 moinmoin -- cross-site scripting vulnerabilities
2009-05-16 mod_perl -- cross-site scripting
2009-05-15 cyrus-sasl -- buffer overflow vulnerability
2009-05-14 drupal -- cross-site scripting
2009-05-13 moinmoin -- multiple cross site scripting vulnerabilities
2009-05-13 ghostscript -- buffer overflow vulnerability
2009-05-13 pango -- integer overflow
2009-05-09 wireshark -- multiple vulnerabilities
2009-05-07 cups -- remote code execution and DNS rebinding
2009-05-07 FreeBSD -- remotely exploitable crash in OpenSSL
2009-05-06 quagga -- Denial of Service
2009-05-04 openfire -- Openfire No Password Changes Security Bypass
2009-04-30 drupal -- cross site scripting
2009-04-22 mozilla -- multiple vulnerabilities
2009-04-18 poppler -- Poppler Multiple Vulnerabilities
2009-04-18 xpdf -- multiple vulnerabilities
2009-04-18 freetype2 -- multiple vulnerabilities
2009-04-17 ejabberd -- cross-site scripting vulnerability
2009-04-15 ziproxy -- multiple vulnerabilities
2009-04-15 phpmyadmin -- insufficient output sanitizing when generating configuration file
2009-04-11 drupal6-cck -- cross-site scripting
2009-03-27 pivot-weblog -- file deletion vulnerability
2009-03-25 phpmyadmin -- insufficient output sanitizing when generating configuration file
2009-03-23 amarok -- multiple vulnerabilities
2009-03-22 wireshark -- multiple vulnerabilities
2009-03-18 netatalk -- arbitrary command execution in papd daemon
2009-03-16 gstreamer-plugins-good -- multiple memory overflows
2009-03-16 libsndfile -- CAF processing integer overflow vulnerability
2009-03-16 ffmpeg -- 4xm processing memory corruption vulnerability
2009-03-16 roundcube -- webmail script insertion and php code injection
2009-03-16 proftpd -- multiple sql injection vulnerabilities
2009-03-16 zabbix -- php frontend multiple vulnerabilities
2009-03-16 php-mbstring -- php mbstring buffer overflow vulnerability
2009-03-16 phppgadmin -- directory traversal with register_globals enabled
2009-03-15 opera -- multiple vulnerabilities
2009-03-11 epiphany -- untrusted search path vulnerability
2009-03-11 apache -- Cross-site scripting vulnerability
2009-03-04 pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability
2009-03-04 curl -- cURL/libcURL Location: Redirect URLs Security Bypass
2009-02-18 Zend Framework -- Local File Inclusion vulnerability in Zend_View::render()
2009-02-17 dia -- remote command execution vulnerability
2009-02-15 pycrypto -- ARC2 module buffer overflow
2009-02-14 varnish -- Varnish HTTP Request Parsing Denial of Service
2009-02-13 tor -- multiple vulnerabilities
2009-02-11 firefox -- multiple vulnerabilities
2009-02-11 codeigniter -- arbitrary script execution in the new Form Validation class
2009-02-11 pyblosxom -- atom flavor multiple XML injection vulnerabilities
2009-02-11 typo3 -- cross-site scripting and information disclosure
2009-02-09 amaya -- multiple buffer overflow vulnerabilities
2009-02-09 websvn -- multiple vulnerabilities
2009-02-09 phplist -- local file inclusion vulnerability
2009-02-09 squid -- remote denial of service vulnerability
2009-02-09 typo3 -- multiple vulnerabilities
2009-02-06 sudo -- certain authorized users could run commands as any user
2009-02-04 drupal -- multiple vulnerabilities
2009-02-03 perl -- Directory Permissions Race Condition
2009-01-30 moinmoin -- multiple cross site scripting vulnerabilities
2009-01-30 ganglia -- buffer overflow vulnerability
2009-01-29 tor -- unspecified memory corruption vulnerability
2009-01-28 glpi -- SQL Injection
2009-01-25 openfire -- multiple vulnerabilities
2009-01-21 ipset-tools -- Denial of Service Vulnerabilities
2009-01-20 Teamspeak Server -- Directory Traversal Vulnerability
2009-01-19 optipng -- arbitrary code execution via crafted BMP image
2009-01-19 git -- gitweb privilege escalation
2009-01-15 gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability
2009-01-15 mplayer -- vulnerability in STR files processor
2009-01-13 cgiwrap -- XSS Vulnerability
2009-01-12 nagios -- web interface privilege escalation vulnerability
2009-01-11 pdfjam -- insecure temporary files
2009-01-11 verlihub -- insecure temporary file usage and arbitrary command execution
2009-01-11 mysql -- empty bit-string literal denial of service
2009-01-11 mysql -- privilege escalation and overwrite of the system table information
2009-01-11 mysql -- remote dos via malformed password packet
2009-01-11 mysql -- renaming of arbitrary tables by authenticated users
2009-01-11 imap-uw -- imap c-client buffer overflow
2009-01-11 imap-uw -- local buffer overflow vulnerabilities
2009-01-11 libcdaudio -- remote buffer overflow and code execution
2009-01-05 FreeBSD -- netgraph / bluetooth privilege escalation
2009-01-05 FreeBSD -- Cross-site request forgery in ftpd(8)
2009-01-05 FreeBSD -- IPv6 Neighbor Discovery Protocol routing vulnerability
2009-01-05 FreeBSD -- arc4random(9) predictable sequence vulnerability
2009-01-05 xterm -- DECRQSS remote command execution vulnerability
2009-01-05 php5-gd -- uninitialized memory information disclosure vulnerability
2009-01-04 awstats -- multiple XSS vulnerabilities
2009-01-03 p5-File-Path -- rmtree allows creation of setuid files
2009-01-02 vim -- multiple vulnerabilities in the netrw module
2008-12-31 vinagre -- format string vulnerability
2008-12-30 twiki -- multiple vulnerabilities
2008-12-30 roundcube -- remote execution of arbitrary code
2008-12-30 mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths
2008-12-30 mplayer -- twinvq processing buffer overflow vulnerability
2008-12-26 ampache -- insecure temporary file usage
2008-12-19 opera -- multiple vulnerabilities
2008-12-19 mediawiki -- multiple vulnerabilities
2008-12-19 drupal -- multiple vulnerabilities
2008-12-19 mozilla -- multiple vulnerabilities
2008-12-11 phpmyadmin -- cross-site request forgery vulnerability
2008-12-08 php5 -- potential magic_quotes_gpc vulnerability
2008-12-07 wireshark -- SMTP Processing Denial of Service Vulnerability
2008-12-07 php -- multiple vulnerabilities
2008-12-07 mgetty+sendfax -- symlink attack via insecure temporary files
2008-12-07 dovecot-managesieve -- Script Name Directory Traversal Vulnerability
2008-12-07 habari -- Cross-Site Scripting Vulnerability
2008-12-06 vlc -- arbitrary code execution in the RealMedia processor
2008-12-06 mantis -- php code execution vulnerability
2008-12-06 mantis -- multiple vulnerabilities
2008-12-04 squirrelmail -- Cross site scripting vulnerability
2008-11-29 openoffice -- arbitrary code execution vulnerabilities
2008-11-29 wordpress -- header rss feed script insertion vulnerability
2008-11-29 samba -- potential leakage of arbitrary memory contents
2008-11-29 hplip -- hpssd Denial of Service
2008-11-29 cups -- potential buffer overflow in PNG reading code
2008-11-24 imlib2 -- XPM processing buffer overflow vulnerability
2008-11-23 streamripper -- multiple buffer overflows
2008-11-22 mantis -- session hijacking vulnerability
2008-11-19 dovecot -- ACL plugin bypass vulnerabilities
2008-11-19 libxml2 -- multiple vulnerabilities
2008-11-19 openfire -- multiple vulnerabilities
2008-11-18 syslog-ng2 -- startup directory leakage in the chroot environment
2008-11-18 enscript -- arbitrary code execution vulnerability
2008-11-16 gnutls -- X.509 certificate chain validation vulnerability
2008-11-14 net-snmp -- DoS for SNMP agent via crafted GETBULK request
2008-11-13 mozilla -- multiple vulnerabilities
2008-11-12 faad2 -- heap overflow vulnerability
2008-11-10 clamav -- off-by-one heap overflow in VBA project parser
2008-11-09 trac -- potential DOS vulnerability
2008-11-08 vlc -- cue processing stack overflow
2008-11-07 emacs -- run-python vulnerability
2008-11-03 opera -- multiple vulnerabilities
2008-11-02 qemu -- Heap overflow in Cirrus emulation
2008-10-31 phpmyadmin -- Cross-Site Scripting Vulnerability
2008-10-28 opera -- multiple vulnerabilities
2008-10-27 libspf2 -- Buffer overflow
2008-10-25 openx -- sql injection vulnerability
2008-10-25 flyspray -- multiple vulnerabilities
2008-10-24 wordpress -- snoopy "_httpsrequest()" shell command execution vulnerability
2008-10-22 drupal -- multiple vulnerabilities
2008-10-22 wordpress -- remote privilege escalation
2008-10-19 libxine -- denial of service vulnerability
2008-10-17 linux-flashplugin -- multiple vulnerabilities
2008-10-15 libxml2 -- two vulnerabilities
2008-10-12 drupal -- multiple vulnerabilities
2008-10-10 cups -- multiple vulnerabilities
2008-10-10 opera -- multiple vulnerabilities
2008-10-01 mysql -- command line client input validation vulnerability
2008-10-01 mplayer -- multiple integer overflows
2008-09-27 lighttpd -- multiple vulnerabilities
2008-09-26 bitlbee -- account recreation security issues
2008-09-24 mozilla -- multiple vulnerabilities
2008-09-23 squirrelmail -- Session hijacking vulnerability
2008-09-23 proftpd -- Long Command Processing Vulnerability
2008-09-23 phpmyadmin -- Cross-Site Scripting Vulnerability
2008-09-19 gallery -- multiple vulnerabilities
2008-09-17 phpmyadmin -- Code execution vulnerability
2008-09-14 twiki -- Arbitrary code execution in session files
2008-09-12 neon -- NULL pointer dereference in Digest domain support
2008-09-12 clamav -- CHM Processing Denial of Service
2008-09-11 horde -- multiple vulnerabilities
2008-09-10 python -- multiple vulnerabilities
2008-09-10 mysql -- MyISAM table privileges security bypass vulnerability
2008-09-10 rubygem-rails -- SQL injection vulnerability
2008-09-05 FreeBSD -- Remote kernel panics on IPv6 connections
2008-09-05 FreeBSD -- nmount(2) local arbitrary code execution
2008-09-05 FreeBSD -- amd64 swapgs local privilege escalation
2008-08-25 opera -- multiple vulnerabilities
2008-08-21 gnutls -- "gnutls_handshake()" Denial of Service
2008-08-20 joomla -- flaw in the reset token validation
2008-08-19 cdf3 -- Buffer overflow vulnerability
2008-08-18 drupal -- multiple vulnerabilities
2008-08-16 ruby -- multiple vulnerabilities in safe level
2008-08-16 ruby -- DoS vulnerability in WEBrick
2008-08-16 ruby -- DNS spoofing vulnerability
2008-08-15 Bugzilla -- Directory Traversal in importxml.pl
2008-08-07 openvpn-devel -- arbitrary code execution
2008-07-18 phpmyadmin -- cross site request forgery vulnerabilities
2008-07-13 drupal -- multiple vulnerabilities
2008-07-13 FreeBSD -- DNS cache poisoning
2008-07-09 poppler -- uninitialized pointer
2008-07-04 py-pylons -- Path traversal bug
2008-07-03 FreeType 2 -- Multiple Vulnerabilities
2008-07-01 fetchmail -- potential crash in -v -v verbose mode (revised patch)
2008-06-28 phpmyadmin -- Cross Site Scripting Vulnerabilities
2008-06-24 apache -- multiple vulnerabilities
2008-06-22 php -- input validation error in safe_mode
2008-06-21 vim -- Vim Shell Command Injection Vulnerabilities
2008-06-21 ruby -- multiple integer and buffer overflow vulnerabilities
2008-06-20 fetchmail -- potential crash in -v -v verbose mode
2008-06-15 xorg -- multiple vulnerabilities
2008-06-14 moinmoin -- superuser privilege escalation
2008-06-13 Courier Authentication Library -- SQL Injection
2008-06-01 ikiwiki -- cleartext passwords
2008-05-31 ikiwiki -- empty password security hole
2008-05-30 linux-flashplugin -- unspecified remote code execution vulnerability
2008-05-28 Nagios -- Cross Site Scripting Vulnerability
2008-05-27 spamdyke -- open relay
2008-05-21 peercast -- arbitrary code execution
2008-05-17 libvorbis -- various security issues
2008-05-14 django -- XSS vulnerability
2008-05-11 vorbis-tools -- Speex header processing vulnerability
2008-05-08 qemu -- "drive_init()" Disk Format Security Bypass
2008-05-07 swfdec -- exposure of sensitive information
2008-05-02 mt-daapd -- integer overflow
2008-05-02 sdl_image -- buffer overflow vulnerabilities
2008-04-26 gnupg -- memory corruption vulnerability
2008-04-25 extman -- password bypass vulnerability
2008-04-25 mailman -- script insertion vulnerability
2008-04-25 mksh -- TTY attachment privilege escalation
2008-04-25 serendipity -- multiple cross site scripting vulnerabilities
2008-04-25 firefox -- javascript garbage collector vulnerability
2008-04-25 png -- unknown chunk processing uninitialized memory access
2008-04-25 openfire -- unspecified denial of service
2008-04-25 php -- integer overflow vulnerability
2008-04-25 python -- Integer Signedness Error in zlib Module
2008-04-24 postgresql -- multiple vulnerabilities
2008-04-24 phpmyadmin -- Shared Host Information Disclosure
2008-04-24 phpmyadmin -- Username/Password Session File Information Disclosure
2008-04-24 libxine -- array index vulnerability
2008-04-15 clamav -- Multiple Vulnerabilities
2008-04-13 lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability
2008-04-13 ikiwiki -- cross site request forging
2008-04-06 postfix-policyd-weight -- working directory symlink vulnerability
2008-04-05 powerdns-recursor -- DNS cache poisoning
2008-04-05 suphp -- multiple local privilege escalation vulnerabilities
2008-04-05 opera -- multiple vulnerabilities
2008-03-30 mozilla -- multiple vulnerabilities
2008-03-26 silc -- pkcs_decode buffer overflow
2008-03-20 bzip2 -- crash with certain malformed archive files
2008-03-11 qemu -- unchecked block read/write vulnerability
2008-03-10 dovecot -- security hole in blocking passdbs
2008-03-06 mplayer -- multiple vulnerabilities
2008-03-05 ghostscript -- zseticcspace() function buffer overflow vulnerability
2008-03-04 phpmyadmin -- SQL injection vulnerability
2008-02-29 pcre -- buffer overflow vulnerability
2008-02-26 libxine -- buffer overflow vulnerability
2008-02-25 coppermine -- multiple vulnerabilities
2008-02-25 moinmoin -- multiple vulnerabilities
2008-02-22 opera -- multiple vulnerabilities
2008-02-22 mozilla -- multiple vulnerabilities
2008-02-22 openldap -- modrdn Denial of Service vulnerability
2008-02-15 clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability
2008-02-12 cacti -- Multiple security vulnerabilities have been discovered
2008-02-11 ikiwiki -- javascript insertion via uris
2008-02-09 zenphoto -- XSS vulnerability
2008-02-04 jetty -- multiple vulnerabilities
2008-01-29 libxine -- buffer overflow vulnerability
2008-01-23 xorg -- multiple vulnerabilities
2008-01-22 xfce -- multiple vulnerabilities
2008-01-22 claws-mail -- insecure temporary file creation
2008-01-19 IRC Services -- Denial of Service Vulnerability
2008-01-19 libxine -- buffer overflow vulnerability
2008-01-15 geeklog -- xss vulnerability
2008-01-11 drupal -- cross site request forgery
2008-01-11 drupal -- cross site scripting (utf8)
2008-01-11 drupal -- cross site scripting (register_globals)
2008-01-10 maradns -- CNAME record resource rotation denial of service
2008-01-04 linux-realplayer -- multiple vulnerabilities
2008-01-03 linux-flashplugin -- multiple vulnerabilities
2007-12-29 dovecot -- Specific LDAP + auth cache configuration may mix up user logins
2007-12-25 gallery2 -- multiple vulnerabilities
2007-12-20 e2fsprogs -- heap buffer overflow
2007-12-19 wireshark -- multiple vulnerabilities
2007-12-19 opera -- multiple vulnerabilities
2007-12-19 peercast -- buffer overflow vulnerability
2007-12-17 ganglia-webfrontend -- XSS vulnerabilities
2007-12-12 qemu -- Translation Block Local Denial of Service Vulnerability
2007-12-12 drupal -- SQL injection vulnerability
2007-12-12 samba -- buffer overflow vulnerability
2007-12-12 smbftpd -- format string vulnerability
2007-12-10 jetty -- multiple vulnerabilities
2007-12-08 liveMedia -- DoS vulnerability
2007-12-05 GNU finger vulnerability
2007-12-04 Squid -- Denial of Service Vulnerability
2007-11-28 rubygem-rails -- JSON XSS vulnerability
2007-11-27 rubygem-rails -- session-fixation vulnerability
2007-11-27 ikiwiki -- improper symlink verification vulnerability
2007-11-27 firefox -- multiple remote unspecified memory corruption vulnerabilities
2007-11-21 phpmyadmin -- Cross Site Scripting
2007-11-21 samba -- multiple vulnerabilities
2007-11-16 php -- multiple security vulnerabilities
2007-11-13 net-snmp -- denial of service via GETBULK request
2007-11-13 flac -- media file processing integer overflow vulnerabilities
2007-11-12 mt-daapd -- denial of service vulnerability
2007-11-12 xpdf -- multiple remote Stream.CC vulnerabilities
2007-11-12 plone -- unsafe data interpreted as pickles
2007-11-11 phpmyadmin -- cross-site scripting vulnerability
2007-11-09 gallery2 -- multiple vulnerabilities
2007-11-09 tikiwiki -- multiple vulnerabilities
2007-11-09 cups -- off-by-one buffer overflow
2007-11-06 perl -- regular expressions unicode data buffer overflow
2007-11-06 pcre -- arbitrary code execution
2007-11-05 perdition -- str_vwrite format string vulnerability
2007-11-05 gftp -- multiple vulnerabilities
2007-11-04 dircproxy -- remote denial of service
2007-11-01 wordpress -- cross-site scripting
2007-10-30 openldap -- multiple remote denial of service vulnerabilities
2007-10-27 py-django -- denial of service vulnerability
2007-10-25 opera -- multiple vulnerabilities
2007-10-24 drupal -- multiple vulnerabilities
2007-10-23 ldapscripts -- Command Line User Credentials Disclosure
2007-10-22 firefox -- OnUnload Javascript browser entrapment vulnerability
2007-10-17 phpmyadmin -- cross-site scripting vulnerability
2007-10-16 phpmyadmin -- cross-site scripting vulnerability
2007-10-11 nagios-plugins -- Long Location Header Buffer Overflow Vulnerability
2007-10-11 png -- multiple vulnerabilities
2007-10-10 ImageMagick -- multiple vulnerabilities
2007-10-08 jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented
2007-10-08 xfs -- multiple vulnerabilities
2007-10-05 tcl/tk -- buffer overflow in ReadImage function
2007-10-04 firebird -- multiple remote buffer overflow vulnerabilities
2007-10-01 id3lib -- insecure temporary file creation
2007-09-21 mediawiki -- cross site scripting vulnerability
2007-09-21 wordpress -- remote sql injection vulnerability
2007-09-21 samba -- nss_info plugin privilege escalation vulnerability
2007-09-21 bugzilla -- multiple vulnerabilities
2007-09-21 clamav -- multiple remote Denial of Service vulnerabilities
2007-09-20 coppermine -- multiple vulnerabilities
2007-09-20 openoffice -- arbitrary command execution vulnerability
2007-09-20 bugzilla -- "createmailregexp" security bypass vulnerability
2007-09-19 konqueror -- address bar spoofing
2007-09-19 kdm -- passwordless login vulnerability
2007-09-19 flyspray -- authentication bypass
2007-09-19 mozilla -- code execution via Quicktime media-link files
2007-09-11 php -- multiple vulnerabilities
2007-09-11 apache -- multiple vulnerabilities
2007-09-10 lighttpd -- FastCGI header overrun in mod_fastcgi
2007-09-05 rkhunter -- insecure temporary file creation
2007-09-05 lsh -- multiple vulnerabilities
2007-09-02 fetchmail -- denial of service on reject of local warning message
2007-09-01 gtar -- Directory traversal vulnerability
2007-08-27 claws-mail -- POP3 Format String Vulnerability
2007-08-21 rsync -- off by one stack overflow
2007-08-15 opera -- Vulnerability in javascript handling
2007-08-02 fsplib -- multiple vulnerabilities
2007-08-02 joomla -- multiple vulnerabilities
2007-08-02 FreeBSD -- Buffer overflow in tcpdump(1)
2007-08-02 FreeBSD -- Predictable query ids in named(8)
2007-07-31 xpdf -- stack based buffer overflow
2007-07-29 mutt -- buffer overflow vulnerability
2007-07-28 p5-Net-DNS -- multiple Vulnerabilities
2007-07-28 phpsysinfo -- url Cross-Site Scripting
2007-07-28 drupal -- Cross site request forgeries
2007-07-28 drupal -- Multiple cross-site scripting vulnerabilities
2007-07-27 vim -- Command Format String Vulnerability
2007-07-26 libvorbis -- Multiple memory corruption flaws
2007-07-24 tomcat -- XSS vulnerability in sample applications
2007-07-24 tomcat -- multiple vulnerabilities
2007-07-24 dokuwiki -- XSS vulnerability in spellchecker backend
2007-07-21 lighttpd -- multiple vulnerabilities
2007-07-19 opera -- multiple vulnerabilities
2007-07-19 mozilla -- multiple vulnerabilities
2007-07-18 linux-flashplugin -- critical vulnerabilities
2007-07-06 wireshark -- Multiple problems
2007-07-03 typespeed -- arbitrary code execution
2007-06-29 gd -- multiple vulnerabilities
2007-06-28 flac123 -- stack overflow in comment parsing
2007-06-25 evolution-data-server -- remote execution of arbitrary code vulnerability
2007-06-21 xpcd -- buffer overflow
2007-06-19 clamav -- multiple vulnerabilities
2007-06-18 vlc -- format string vulnerability and integer overflow
2007-06-18 p5-Mail-SpamAssassin -- local user symlink-attack DoS vulnerability
2007-06-12 cups -- Incomplete SSL Negotiation Denial of Service
2007-06-09 c-ares -- DNS Cache Poisoning Vulnerability
2007-06-09 wordpress -- XMLRPC SQL Injection
2007-06-09 wordpress -- unmoderated comments disclosure
2007-06-09 webmin -- cross site scripting vulnerability
2007-06-07 mplayer -- cddb stack overflow
2007-06-05 mod_jk -- information disclosure
2007-06-04 typo3 -- email header injection
2007-06-04 phppgadmin -- cross site scripting vulnerability
2007-06-01 findutils -- GNU locate heap buffer overrun
2007-05-24 FreeType 2 -- Heap overflow vulnerability
2007-05-23 FreeBSD -- heap overflow in file(1)
2007-05-21 squirrelmail -- Cross site scripting in HTML filter
2007-05-16 png -- DoS crash vulnerability
2007-05-16 samba -- multiple vulnerabilities
2007-05-07 php -- multiple vulnerabilities
2007-05-01 qemu -- several vulnerabilities
2007-04-30 p5-Imager -- possibly exploitable buffer overflow
2007-04-28 FreeBSD -- IPv6 Routing Header 0 is dangerous
2007-04-24 mod_perl -- remote DoS in PATH_INFO parsing
2007-04-19 claws-mail -- APOP vulnerability
2007-04-14 lighttpd -- DOS when access files with mtime 0
2007-04-14 lighttpd -- Remote DOS in CRLF parsing
2007-04-13 freeradius -- EAP-TTLS Tunnel Memory Leak Remote DOS Vulnerability
2007-04-09 fetchmail -- insecure APOP authentication
2007-04-08 mcweject -- exploitable buffer overflow
2007-04-08 WebCalendar -- "noSet" variable overwrite vulnerability
2007-04-05 zope -- cross-site scripting vulnerability
2007-03-21 Squid -- TRACE method handling denial of service
2007-03-16 sql-ledger -- security bypass vulnerability
2007-03-16 samba -- potential Denial of Service bug in smbd
2007-03-16 samba -- format string bug in afsacl.so VFS plugin
2007-03-11 ktorrent -- multiple vulnerabilities
2007-03-09 mplayer -- DMO File Parsing Buffer Overflow Vulnerability
2007-03-09 trac -- cross site scripting vulnerability
2007-03-05 mod_jk -- long URL stack overflow vulnerability
2007-02-27 bind -- Multiple Denial of Service vulnerabilities
2007-02-27 FreeBSD -- Jail rc.d script privilege escalation
2007-02-27 gtar -- name mangling symlink vulnerability
2007-02-27 FreeBSD -- Kernel memory disclosure in firewire(4)
2007-02-26 libarchive -- Infinite loop in corrupt archives handling in libarchive
2007-02-26 OpenSSL -- Multiple problems in crypto(3)
2007-02-24 mozilla -- multiple vulnerabilities
2007-02-21 snort -- DCE/RPC preprocessor vulnerability
2007-02-17 rar -- password prompt buffer overflow vulnerability
2007-02-17 php -- multiple vulnerabilities
2007-01-17 joomla -- multiple remote vulnerabilities
2007-01-15 sircd -- remote reverse DNS buffer overflow
2007-01-15 sircd -- remote operator privilege escalation vulnerability
2007-01-12 cacti -- Multiple vulnerabilities
2007-01-08 mplayer -- buffer overflow in the code for RealMedia RTSP streams.
2007-01-06 fetchmail -- crashes when refusing a message bound for an MDA
2007-01-06 fetchmail -- TLS enforcement problem/MITM attack/password exposure
2007-01-05 opera -- multiple vulnerabilities
2007-01-05 drupal -- multiple vulnerabilities
2007-01-03 w3m -- format string vulnerability
2006-12-27 plone -- user can masquerade as a group
2006-12-21 proftpd -- remote code execution vulnerabilities
2006-12-19 gzip -- multiple vulnerabilities
2006-12-19 bind9 -- Denial of Service in named(8)
2006-12-19 openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)
2006-12-18 sql-ledger -- multiple vulnerabilities
2006-12-14 dbus -- match_rule_equal() Weakness
2006-12-14 evince -- Buffer Overflow Vulnerability
2006-12-13 tdiary -- injection vulnerability
2006-12-13 wv -- Multiple Integer Overflow Vulnerabilities
2006-12-13 wv2 -- Integer Overflow Vulnerability
2006-12-12 clamav -- Multipart Nestings Denial of Service
2006-12-11 tnftpd -- Remote root Exploit
2006-12-07 libxine -- multiple buffer overflow vulnerabilities
2006-12-07 gnupg -- remotely controllable function pointer
2006-12-04 ruby -- cgi.rb library Denial of Service
2006-12-02 libmusicbrainz -- multiple buffer overflow vulnerabilities
2006-12-02 tdiary -- cross site scripting vulnerability
2006-12-02 ImageMagick -- SGI Image File heap overflow vulnerability
2006-11-30 gtar -- GNUTYPE_NAMES directory traversal vulnerability
2006-11-30 kronolith -- arbitrary local file inclusion vulnerability
2006-11-27 gnupg -- buffer overflow
2006-11-14 proftpd -- Remote Code Execution Vulnerability
2006-11-14 unzoo -- Directory Traversal Vulnerability
2006-11-11 bugzilla -- multiple vulnerabilities
2006-11-08 Imlib2 -- multiple image file processing vulnerabilities
2006-11-04 ruby -- cgi.rb library Denial of Service
2006-10-29 screen -- combined UTF-8 characters vulnerability
2006-10-29 mysql -- database suid privilege escalation
2006-10-29 mysql -- database "case-sensitive" privilege escalation
2006-10-22 kdelibs -- integer overflow in khtml
2006-10-21 Serendipity -- XSS Vulnerabilities
2006-10-20 opera -- URL parsing heap overflow vulnerability
2006-10-20 asterisk -- remote heap overwrite vulnerability
2006-10-19 plone -- unprotected MembershipTool methods
2006-10-18 drupal -- HTML attribute injection
2006-10-18 drupal -- cross site request forgeries
2006-10-18 drupal -- multiple XSS vulnerabilities
2006-10-18 ingo -- local arbitrary shell command execution
2006-10-16 nvidia-driver -- arbitrary root code execution vulnerability
2006-10-16 clamav -- CHM unpacker and PE rebuilding vulnerabilities
2006-10-15 tkdiff -- temporary file symlink privilege escalation
2006-10-15 vtiger -- multiple remote file inclusion vulnerabilities
2006-10-14 google-earth -- heap overflow in the KML engine
2006-10-07 torrentflux -- User-Agent XSS Vulnerability
2006-10-07 python -- buffer overrun in repr() for unicode strings
2006-10-06 php -- _ecalloc Integer Overflow Vulnerability
2006-10-05 mambo -- multiple SQL injection vulnerabilities
2006-10-05 tin -- buffer overflow vulnerabilities
2006-10-05 openldap -- slapd acl selfwrite Security Issue
2006-10-05 mono -- "System.CodeDom.Compiler" Insecure Temporary Creation
2006-10-05 php -- open_basedir Race Condition Vulnerability
2006-10-04 phpbb -- NULL byte injection vulnerability
2006-10-03 postnuke -- admin section SQL injection
2006-10-02 freetype -- LWFN Files Buffer Overflow Vulnerability
2006-10-02 cscope -- Buffer Overflow Vulnerabilities
2006-10-02 gnutls -- RSA Signature Forgery Vulnerability
2006-10-02 MT -- Search Unspecified XSS
2006-10-02 phpmyadmin -- XSRF vulnerabilities
2006-09-30 openssh -- multiple vulnerabilities
2006-09-30 dokuwiki -- multiple vulnerabilities
2006-09-30 dokuwiki -- multiple vulnerabilities
2006-09-30 tikiwiki -- multiple vulnerabilities
2006-09-30 punbb -- NULL byte injection vulnerability
2006-09-26 freeciv -- Denial of Service Vulnerabilities
2006-09-26 freeciv -- Packet Parsing Denial of Service Vulnerability
2006-09-26 plans -- multiple vulnerabilities
2006-09-25 eyeOS -- multiple XSS security bugs
2006-09-22 zope -- restructuredText "csv_table" Information Disclosure
2006-09-22 libmms -- stack-based buffer overflow
2006-09-22 opera -- RSA Signature Forgery
2006-09-15 mozilla -- multiple vulnerabilities
2006-09-14 win32-codecs -- multiple vulnerabilities
2006-09-13 php -- multiple vulnerabilities
2006-09-13 drupal-pubcookie -- authentication may be bypassed
2006-09-12 linux-flashplugin7 -- arbitrary code execution vulnerabilities
2006-09-04 mailman -- Multiple Vulnerabilities
2006-09-02 hlstats -- multiple cross site scripting vulnerabilities
2006-09-02 gtetrinet -- remote code execution
2006-08-30 joomla -- multiple vulnerabilities
2006-08-23 sppp -- buffer overflow vulnerability
2006-08-17 horde -- Phishing and Cross-Site Scripting Vulnerabilities
2006-08-15 globus -- Multiple tmpfile races
2006-08-13 x11vnc -- authentication bypass vulnerability
2006-08-13 alsaplayer -- multiple vulnerabilities
2006-08-13 postgresql -- encoding based SQL injection
2006-08-13 postgresql -- multiple vulnerabilities
2006-08-13 mysql -- format string vulnerability
2006-08-12 squirrelmail -- random variable overwrite vulnerability
2006-08-10 rubygem-rails -- evaluation of ruby code
2006-08-08 clamav -- heap overflow vulnerability
2006-08-02 drupal -- XSS vulnerability
2006-08-02 gnupg -- 2 more possible memory allocation attacks
2006-07-29 ruby -- multiple vulnerabilities
2006-07-28 apache -- mod_rewrite buffer overflow vulnerability
2006-07-27 mozilla -- multiple vulnerabilities
2006-07-14 zope -- information disclosure vulnerability
2006-07-13 drupal -- multiple vulnerabilities
2006-07-11 shoutcast -- cross-site scripting, information exposure
2006-07-10 samba -- memory exhaustion DoS in smbd
2006-07-10 twiki -- multiple file extensions file upload vulnerability
2006-07-07 trac -- reStructuredText breach of privacy and denial of service vulnerability
2006-07-05 horde -- various problems in dereferrer
2006-07-05 mambo -- SQL injection vulnerabilities
2006-07-03 phpmyadmin -- cross site scripting vulnerability
2006-07-02 webmin, usermin -- arbitrary file disclosure vulnerability
2006-06-30 mutt -- Remote Buffer Overflow Vulnerability
2006-06-30 Joomla -- multiple vulnerabilities
2006-06-27 hashcash -- heap overflow vulnerability
2006-06-25 gnupg -- user id integer overflow vulnerability
2006-06-17 horde -- multiple parameter cross site scripting vulnerabilities
2006-06-16 WebCalendar -- information disclosure vulnerability
2006-06-14 sendmail -- Incorrect multipart message handling
2006-06-11 dokuwiki -- multiple vulnerabilities
2006-06-11 libxine -- buffer overflow vulnerability
2006-06-09 smbfs -- chroot escape
2006-06-09 ypserv -- Inoperative access controls in ypserv
2006-06-08 freeradius -- multiple vulnerabilities
2006-06-08 freeradius -- authentication bypass vulnerability
2006-06-05 squirrelmail -- plugin.php local file inclusion vulnerability
2006-06-05 dokuwiki -- spellchecker remote PHP code execution
2006-06-05 drupal -- multiple vulnerabilities
2006-06-01 MySQL -- SQL-injection security vulnerability
2006-06-01 MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities
2006-05-23 frontpage -- cross site scripting vulnerability
2006-05-23 cscope -- buffer overflow vulnerabilities
2006-05-22 coppermine -- Multiple File Extensions Vulnerability
2006-05-22 coppermine -- "file" Local File Inclusion Vulnerability
2006-05-22 coppermine -- File Inclusion Vulnerabilities
2006-05-21 phpmyadmin -- XSRF vulnerabilities
2006-05-18 vnc -- authentication bypass vulnerability
2006-05-14 phpldapadmin -- Cross-Site Scripting and Script Insertion vulnerabilities
2006-05-06 fswiki -- XSS vulnerability
2006-05-06 mysql50-server -- COM_TABLE_DUMP arbitrary code execution
2006-05-05 awstats -- arbitrary command execution vulnerability
2006-05-03 phpwebftp -- "language" Local File Inclusion
2006-05-03 firefox -- denial of service vulnerability
2006-05-03 clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability
2006-05-02 trac -- Wiki Macro Script Insertion Vulnerability
2006-05-01 jabberd -- SASL Negotiation Denial of Service Vulnerability
2006-04-27 cacti -- ADOdb "server.php" Insecure Test Script Security Issue
2006-04-27 amaya -- Attribute Value Buffer Overflow Vulnerabilities
2006-04-27 lifetype -- ADOdb "server.php" Insecure Test Script Security Issue
2006-04-27 ethereal -- Multiple Protocol Dissector Vulnerabilities
2006-04-25 asterisk -- denial of service vulnerability, local system access
2006-04-23 zgv, xzgv -- heap overflow vulnerability
2006-04-23 crossfire-server -- denial of service and remote code execution vulnerability
2006-04-23 p5-DBI -- insecure temporary file creation vulnerability
2006-04-23 wordpress -- full path disclosure
2006-04-23 xine -- multiple remote string vulnerabilities
2006-04-22 cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service
2006-04-19 FreeBSD -- FPU information disclosure
2006-04-18 plone -- "member_id" Parameter Portrait Manipulation Vulnerability
2006-04-16 mozilla -- multiple vulnerabilities
2006-04-16 mailman -- Private Archive Script Cross-Site Scripting
2006-04-10 f2c -- insecure temporary files
2006-04-07 mplayer -- Multiple integer overflows
2006-04-07 kaffeine -- buffer overflow vulnerability
2006-04-07 thunderbird -- javascript execution
2006-04-06 phpmyadmin -- XSS vulnerabilities
2006-04-06 phpmyadmin -- 'set_theme' Cross-Site Scripting
2006-04-06 clamav -- Multiple Vulnerabilities
2006-04-05 mediawiki -- hardcoded placeholder string security bypass vulnerability
2006-04-05 netpbm -- buffer overflow in pnmtopng
2006-04-05 zoo -- stack based buffer overflow
2006-04-05 mediawiki -- cross site scripting vulnerability
2006-04-05 dia -- XFig Import Plugin Buffer Overflow
2006-04-05 openvpn -- LD_PRELOAD code execution on client through malicious or compromised server
2006-04-05 samba -- Exposure of machine account credentials in winbind log files
2006-04-05 mod_pubcookie -- cross site scripting vulnerability
2006-04-05 pubcookie-login-server -- cross site scripting vulnerability
2006-03-29 freeradius -- EAP-MSCHAPv2 Authentication Bypass
2006-03-28 horde -- remote code execution vulnerability in the help viewer
2006-03-27 linux-realplayer -- buffer overrun
2006-03-27 linux-realplayer -- heap overflow
2006-03-24 sendmail -- race condition vulnerability
2006-03-24 OPIE -- arbitrary password change
2006-03-24 ipsec -- replay attack vulnerability
2006-03-21 xorg-server -- privilege escalation
2006-03-20 heimdal -- Multiple vulnerabilities
2006-03-20 curl -- TFTP packet buffer overflow vulnerability
2006-03-17 drupal -- multiple vulnerabilities
2006-03-15 horde -- "url" disclosure of sensitive information vulnerability
2006-03-15 linux-flashplugin -- arbitrary code execution vulnerability
2006-03-12 nfs -- remote denial of service
2006-03-12 openssh -- remote denial of service
2006-03-10 GnuPG does not detect injection of unsigned data
2006-03-09 mplayer -- heap overflow in the ASF demuxer
2006-03-04 SSH.COM SFTP server -- format string vulnerability
2006-03-03 gtar -- invalid headers buffer overflow
2006-02-27 bugzilla -- multiple vulnerabilities
2006-02-24 squirrelmail -- multiple vulnerabilities
2006-02-20 gedit -- format string vulnerability
2006-02-20 WebCalendar -- unauthorized access vulnerability
2006-02-20 abiword, koffice -- stack based buffer overflow vulnerabilities
2006-02-18 postgresql81-server -- SET ROLE privilege escalation
2006-02-17 gnupg -- false positive signature verification
2006-02-16 rssh -- privilege escalation vulnerability
2006-02-16 tor -- malicious tor server can locate a hidden service
2006-02-16 sudo -- arbitrary command execution
2006-02-16 libtomcrypt -- weak signature scheme with ECC keys
2006-02-16 mantis -- "view_filters_page.php" cross site scripting vulnerability
2006-02-16 phpbb -- multiple vulnerabilities
2006-02-16 postgresql -- character conversion and tsearch2 vulnerabilities
2006-02-16 heartbeat -- insecure temporary file creation vulnerability
2006-02-15 kpdf -- heap based buffer overflow
2006-02-15 perl, webmin, usermin -- perl format string integer wrap vulnerability
2006-02-15 phpicalendar -- cross site scripting vulnerability
2006-02-15 phpicalendar -- file disclosure vulnerability
2006-02-14 FreeBSD -- Infinite loop in SACK handling
2006-02-14 pf -- IP fragment handling panic
2006-02-14 FreeBSD -- Local kernel memory disclosure
2006-02-14 IEEE 802.11 -- buffer overflow
2006-02-14 ipfw -- IP fragment denial of service
2006-02-07 kpopup -- local root exploit and local denial of service
2006-01-27 cpio -- multiple vulnerabilities
2006-01-27 ee -- temporary file privilege escalation
2006-01-27 texindex -- temporary file privilege escalation
2006-01-27 cvsbug -- race condition
2006-01-23 sge -- local root exploit in bundled rsh executable
2006-01-23 fetchmail -- crash when bouncing a message
2006-01-10 clamav -- possible heap overflow in the UPX code
2006-01-09 milter-bogom -- headerless message crash
2006-01-07 bogofilter -- heap corruption through excessively long words
2006-01-07 bogofilter -- heap corruption through malformed input
2006-01-04 rxvt-unicode -- restore permissions on tty devices
2006-01-01 apache -- mod_imap cross-site scripting flaw
2005-12-22 nbd-server -- buffer overflow vulnerability
2005-12-22 scponly -- local privilege escalation exploits
2005-12-19 fetchmail -- null pointer dereference in multidrop mode with headerless email
2005-12-14 mantis -- "t_core_path" file inclusion vulnerability
2005-12-14 mantis -- "view_filters_page.php" cross-site scripting vulnerability
2005-12-11 mnemo -- Cross site scripting vulnerabilities in several of the notepad name and note data fields
2005-12-11 nag -- Cross site scripting vulnerabilities in several of the tasklist name and task data fields
2005-12-11 turba -- Cross site scripting vulnerabilities in several of the address book name and contact data fields
2005-12-11 kronolith -- Cross site scripting vulnerabilities in several of the calendar name and event data fields
2005-12-11 horde -- Cross site scripting vulnerabilities in several of Horde's templates
2005-12-09 curl -- URL buffer overflow vulnerability
2005-12-07 phpmyadmin -- register_globals emulation "import_blacklist" manipulation
2005-12-07 phpmyadmin -- XSS vulnerabilities
2005-12-07 ffmpeg -- libavcodec buffer overflow vulnerability
2005-12-07 trac -- search module SQL injection vulnerability
2005-12-01 drupal -- multiple vulnerabilities
2005-11-30 opera -- multiple vulnerabilities
2005-11-30 opera -- command line URL shell command injection
2005-11-30 mambo -- "register_globals" emulation layer overwrite vulnerability
2005-11-27 ghostscript -- insecure temporary file creation vulnerability
2005-11-22 horde -- Cross site scripting vulnerabilities in MIME viewers
2005-11-16 phpmyadmin -- HTTP Response Splitting vulnerability
2005-11-13 phpSysInfo -- "register_globals" emulation layer overwrite vulnerability
2005-11-13 Macromedia flash player -- swf file handling arbitrary code
2005-11-10 flyspray -- cross-site scripting vulnerabilities
2005-11-10 p5-Mail-SpamAssassin -- long message header denial of service
2005-11-07 qpopper -- multiple privilege escalation vulnerabilities
2005-11-04 pear-PEAR -- PEAR installer arbitrary code execution vulnerability
2005-11-01 openvpn -- potential denial-of-service on servers in TCP mode
2005-11-01 openvpn -- arbitrary code execution on client through malicious or compromised server
2005-11-01 PHP -- multiple vulnerabilities
2005-11-01 skype -- multiple buffer overflow vulnerabilities
2005-11-01 squid -- FTP server response handling denial of service
2005-10-31 base -- PHP SQL injection vulnerability
2005-10-30 fetchmail -- fetchmailconf local password exposure
2005-10-30 lynx -- remote buffer overflow
2005-10-27 ruby -- vulnerability in the safe level settings
2005-10-20 xloadimage -- buffer overflows in NIFF image title handling
2005-10-18 snort -- Back Orifice preprocessor buffer overflow vulnerability
2005-10-15 WebCalendar -- remote file inclusion vulnerability
2005-10-15 gallery2 -- file disclosure vulnerability
2005-10-12 openssl -- potential SSL 2.0 rollback
2005-10-11 phpmyadmin -- local file inclusion vulnerability
2005-10-11 zope -- expose RestructuredText functionality to untrusted users
2005-10-09 libxine -- format string vulnerability
2005-10-05 imap-uw -- mailbox name handling remote buffer vulnerability
2005-10-02 weex -- remote format string vulnerability
2005-10-02 picasm -- buffer overflow vulnerability
2005-10-01 uim -- privilege escalation vulnerability
2005-10-01 cfengine -- arbitrary file overwriting vulnerability
2005-09-29 phpmyfaq -- SQL injection, takeover, path disclosure, remote code execution
2005-09-24 clamav -- arbitrary code execution and DoS vulnerabilities
2005-09-23 firefox & mozilla -- multiple vulnerabilities
2005-09-22 firefox & mozilla -- command line URL shell command injection
2005-09-17 apache -- Certificate Revocation List (CRL) off-by-one vulnerability
2005-09-17 squirrelmail -- _$POST variable handling allows for various attacks
2005-09-15 X11 server -- pixmap allocation vulnerability
2005-09-15 squid -- possible denial of service condition regarding NTLM authentication
2005-09-13 unzip -- permission race vulnerability
2005-09-10 firefox & mozilla -- buffer overflow vulnerability
2005-09-04 htdig -- cross site scripting vulnerability
2005-09-04 squid -- Denial Of Service Vulnerability in sslConnectTimeout
2005-09-04 squid -- Possible Denial Of Service Vulnerability in store.c
2005-09-03 bind9 -- denial of service
2005-09-03 bind -- buffer overrun vulnerability
2005-09-02 urban -- stack overflow vulnerabilities
2005-08-29 fswiki -- command injection vulnerability
2005-08-27 evolution -- remote format string vulnerabilities
2005-08-27 pam_ldap -- authentication bypass vulnerability
2005-08-26 pcre -- regular expression buffer overflow
2005-08-23 elm -- remote buffer overflow in Expires header
2005-08-19 openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server
2005-08-19 openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory
2005-08-19 openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients
2005-08-19 openvpn -- denial of service: client certificate validation can disconnect unrelated clients
2005-08-17 tor -- diffie-hellman handshake flaw
2005-08-16 acroread -- plug-in buffer overflow vulnerability
2005-08-15 pear-XML_RPC -- remote PHP code injection vulnerability
2005-08-14 awstats -- arbitrary code execution vulnerability
2005-08-12 libgadu -- multiple vulnerabilities
2005-08-12 gaim -- AIM/ICQ non-UTF-8 filename crash
2005-08-12 gaim -- AIM/ICQ away message buffer overflow
2005-08-12 xpdf -- disk fill DoS vulnerability
2005-08-09 gforge -- XSS and email flood vulnerabilities
2005-08-08 postnuke -- multiple vulnerabilities
2005-08-05 mambo -- multiple vulnerabilities
2005-08-05 ipsec -- Incorrect key usage in AES-XCBC-MAC
2005-08-05 zlib -- buffer overflow vulnerability
2005-08-05 devfs -- ruleset bypass
2005-08-03 proftpd -- format string vulnerabilities
2005-08-01 nbsmtp -- format string vulnerability
2005-07-31 sylpheed -- MIME-encoded file name buffer overflow vulnerability
2005-07-31 phpmyadmin -- cross site scripting vulnerability
2005-07-31 gnupg -- OpenPGP symmetric encryption vulnerability
2005-07-31 vim -- vulnerabilities in modeline handling: glob, expand
2005-07-30 tiff -- buffer overflow vulnerability
2005-07-30 opera -- image dragging vulnerability
2005-07-30 opera -- download dialog spoofing vulnerability
2005-07-30 ethereal -- multiple protocol dissectors vulnerabilities
2005-07-30 jabberd -- 3 buffer overflows
2005-07-26 apache -- http request smuggling
2005-07-25 clamav -- multiple remote buffer overflows
2005-07-23 isc-dhcpd -- format string vulnerabilities
2005-07-23 egroupware -- multiple cross-site scripting (XSS) and SQL injection vulnerabilities
2005-07-22 fetchmail -- denial of service/crash from malicious POP3 server
2005-07-21 dnrd -- remote buffer and stack overflow vulnerabilities
2005-07-21 PowerDNS -- LDAP backend fails to escape all queries
2005-07-20 fetchmail -- remote root/code injection from malicious POP3 server
2005-07-18 kdebase -- Kate backup file permission leak
2005-07-16 firefox & mozilla -- multiple vulnerabilities
2005-07-16 drupal -- PHP code execution vulnerabilities
2005-07-09 phpSysInfo -- cross site scripting vulnerability
2005-07-09 mysql-server -- insecure temporary file creation
2005-07-09 net-snmp -- fixproc insecure temporary file creation
2005-07-09 phpbb -- multiple vulnerabilities
2005-07-09 shtool -- insecure temporary file creation
2005-07-08 phppgadmin -- "formLanguage" local file inclusion vulnerability
2005-07-08 pear-XML_RPC -- information disclosure vulnerabilities
2005-07-08 ekg -- insecure temporary file creation
2005-07-08 bugzilla -- multiple vulnerabilities
2005-07-08 nwclient -- multiple vulnerabilities
2005-07-06 acroread -- insecure temporary file creation
2005-07-06 clamav -- cabinet file handling DoS vulnerability
2005-07-06 clamav -- MS-Expand file handling DoS vulnerability
2005-07-06 zlib -- buffer overflow vulnerability
2005-07-06 acroread -- buffer overflow vulnerability
2005-07-05 net-snmp -- remote DoS vulnerability
2005-07-05 cacti -- multiple vulnerabilities
2005-07-05 wordpress -- multiple vulnerabilities
2005-07-05 wordpress -- multiple vulnerabilities
2005-07-03 phpbb -- remote PHP code execution vulnerability
2005-07-03 pear-XML_RPC -- arbitrary remote code execution
2005-06-29 kernel -- ipfw packet matching errors with address tables
2005-06-29 bzip2 -- denial of service and permission race vulnerabilities
2005-06-29 kernel -- TCP connection stall denial of service
2005-06-24 ethereal -- multiple protocol dissectors vulnerabilities
2005-06-24 tor -- information disclosure
2005-06-24 linux-realplayer -- RealText parsing heap overflow
2005-06-23 ruby -- arbitrary command execution on XMLRPC server
2005-06-21 cacti -- potential SQL injection and cross site scripting attacks
2005-06-20 opera -- XMLHttpRequest security bypass
2005-06-20 opera -- "javascript:" URL cross-site scripting vulnerability
2005-06-20 opera -- redirection cross-site scripting vulnerability
2005-06-20 sudo -- local race condition vulnerability
2005-06-20 trac -- file upload/download vulnerability
2005-06-20 razor-agents -- denial of service vulnerability
2005-06-18 p5-Mail-SpamAssassin -- denial of service vulnerability
2005-06-18 squirrelmail -- Several cross site scripting vulnerabilities
2005-06-18 acroread -- XML External Entity vulnerability
2005-06-18 gzip -- directory traversal and permission race vulnerabilities
2005-06-18 tcpdump -- infinite loops in protocol decoding
2005-06-17 gaim -- Yahoo! remote crash vulnerability
2005-06-17 gaim -- MSN Remote DoS vulnerability
2005-06-17 gallery -- remote code injection via HTTP_POST_VARS
2005-06-17 gallery -- cross-site scripting
2005-06-17 kstars -- exploitable set-user-ID application fliccd
2005-06-17 fd_set -- bitmap index overflow in multiple applications
2005-06-09 leafnode -- denial of service vulnerability
2005-06-03 gforge -- directory traversal vulnerability
2005-06-03 imap-uw -- authentication bypass when CRAM-MD5 is enabled
2005-06-03 squid -- denial-of-service vulnerabilities
2005-06-03 racoon -- remote denial-of-service
2005-06-03 xli -- integer overflows in image size calculations
2005-06-03 xloadimage -- arbitrary command execution when handling compressed files
2005-06-03 xloadimage -- buffer overflow in FACES image handling
2005-06-03 yamt -- buffer overflow and directory traversal issues
2005-06-01 xview -- multiple buffer overflows in xv_parse_one
2005-06-01 xtrlock -- X display locking bypass
2005-06-01 linux_base -- vulnerabilities in Red Hat 7.1 libraries
2005-06-01 squirrelmail -- XSS and remote code injection vulnerabilities
2005-06-01 sympa -- buffer overflow in "queue"
2005-06-01 mailman -- generated passwords are poor quality
2005-06-01 mailman -- password disclosure
2005-06-01 tomcat -- Tomcat Manager cross-site scripting
2005-05-29 fswiki -- XSS problem in file upload form
2005-05-22 freeradius -- sql injection and denial of service vulnerability
2005-05-22 ppxp -- local root exploit
2005-05-22 oops -- format string vulnerability
2005-05-19 cdrdao -- unspecified privilege escalation vulnerability
2005-05-19 squid -- possible abuse of cachemgr.cgi
2005-05-19 squid -- DNS lookup spoofing vulnerability
2005-05-14 gaim -- MSN remote DoS vulnerability
2005-05-14 gaim -- remote crash on some protocols
2005-05-13 kernel -- information disclosure when using HTT
2005-05-13 leafnode -- fetchnews denial-of-service triggered by transmission abort/timeout
2005-05-12 mozilla -- privilege escalation via non-DOM property overrides
2005-05-12 mozilla -- "Wrapped" javascript: urls bypass security checks
2005-05-11 mozilla -- code execution via javascript: IconURL vulnerability
2005-05-09 groff -- pic2graph and eqn2graph are vulnerable to symlink attack through temporary files
2005-05-09 groff -- groffer uses temporary files unsafely
2005-05-01 sharutils -- unshar insecure temporary file creation
2005-05-01 rsnapshot -- local privilege escalation
2005-05-01 coppermine -- IP spoofing and XSS vulnerability
2005-04-27 ImageMagick -- ReadPNMImage() heap overflow vulnerability
2005-04-25 mplayer & libxine -- MMS and Real RTSP buffer overflow vulnerabilities
2005-04-25 gaim -- AIM/ICQ remote denial of service vulnerability
2005-04-25 gaim -- remote DoS on receiving malformed HTML
2005-04-23 kdewebdev -- kommander untrusted code execution vulnerability
2005-04-22 junkbuster -- heap corruption vulnerability and configuration modification vulnerability
2005-04-22 kdelibs -- kimgio input validation errors
2005-04-19 gld -- format string and buffer overflow vulnerabilities
2005-04-17 axel -- remote buffer overflow
2005-04-16 firefox -- PLUGINSPAGE privileged javascript execution
2005-04-16 jdk -- jar directory traversal vulnerability
2005-04-16 mozilla -- privilege escalation via DOM property overrides
2005-04-16 mozilla -- code execution through javascript: favicons
2005-04-16 mozilla -- javascript "lambda" replace exposes memory contents
2005-04-16 firefox -- arbitrary code execution in sidebar panel
2005-04-13 openoffice -- DOC document heap overflow vulnerability
2005-04-12 portupgrade -- insecure temporary file handling vulnerability
2005-04-10 gaim -- jabber remote crash
2005-04-10 gaim -- remote DoS on receiving certain messages over IRC
2005-04-10 gaim -- remote DoS on receiving malformed HTML
2005-04-10 php -- readfile() DoS vulnerability
2005-04-10 squid -- DoS on failed PUT/POST requests vulnerability
2005-04-05 horde -- Horde Page Title Cross-Site Scripting Vulnerability
2005-04-04 wu-ftpd -- remote globbing DoS vulnerability
2005-04-02 hashcash -- format string vulnerability
2005-03-26 clamav -- zip handling DoS vulnerability
2005-03-24 wine -- information disclosure due to insecure temporary file handling
2005-03-24 firefox -- arbitrary code execution from sidebar panel
2005-03-24 mozilla -- heap buffer overflow in GIF image processing
2005-03-23 sylpheed -- buffer overflow in header processing
2005-03-21 xv -- filename handling format string vulnerability
2005-03-21 kdelibs -- local DCOP denial of service vulnerability
2005-03-15 phpmyadmin -- increased privilege vulnerability
2005-03-14 ethereal -- multiple protocol dissectors vulnerabilities
2005-03-14 grip -- CDDB response multiple matches buffer overflow vulnerability
2005-03-14 mysql-server -- multiple remote vulnerabilities
2005-03-13 rxvt-unicode -- buffer overflow vulnerability
2005-03-08 phpmyadmin -- information disclosure vulnerability
2005-03-08 phpmyadmin -- arbitrary file include and XSS vulnerabilities
2005-03-08 libexif -- buffer overflow vulnerability
2005-03-05 phpbb -- Insufficient check against HTML code in usercp_register.php
2005-03-04 postnuke -- SQL injection vulnerabilities
2005-03-04 postnuke -- cross-site scripting (XSS) vulnerabilities
2005-03-04 realplayer -- remote heap overflow
2005-03-03 ImageMagick -- format string vulnerability
2005-03-01 uim -- privilege escalation vulnerability
2005-03-01 lighttpd -- script source disclosure vulnerability
2005-02-28 phpbb -- privilege elevation and path disclosure
2005-02-27 curl -- authentication buffer overflow vulnerability
2005-02-27 cyrus-imapd -- multiple buffer overflow vulnerabilities
2005-02-27 sup -- format string vulnerability
2005-02-26 mozilla -- insecure temporary directory vulnerability
2005-02-26 mozilla -- arbitrary code execution vulnerability
2005-02-24 mkbold-mkitalic -- format string vulnerability
2005-02-23 phpbb -- multiple information disclosure vulnerabilities
2005-02-22 unace -- multiple vulnerabilities
2005-02-20 putty -- pscp/psftp heap corruption vulnerabilities
2005-02-18 kdelibs -- insecure temporary file creation
2005-02-18 bidwatcher -- format string vulnerability
2005-02-18 gftp -- directory traversal vulnerability
2005-02-18 opera -- "data:" URI handler spoofing vulnerability
2005-02-18 opera -- kfmclient exec command execution vulnerability
2005-02-17 postgresql -- multiple buffer overflows in PL/PgSQL parser
2005-02-16 awstats -- arbitrary command execution
2005-02-14 powerdns -- DoS vulnerability
2005-02-14 emacs -- movemail format string vulnerability
2005-02-13 ngircd -- format string vulnerability
2005-02-13 ngircd -- buffer overflow vulnerability
2005-02-13 mod_python -- information leakage vulnerability
2005-02-12 mailman -- directory traversal vulnerability
2005-02-11 enscript -- multiple vulnerabilities
2005-02-08 postgresql -- privilege escalation vulnerability
2005-02-08 ethereal -- multiple protocol dissectors vulnerabilities
2005-02-08 squid -- correct handling of oversized HTTP reply headers
2005-02-03 python -- SimpleXMLRPCServer.py allows unrestricted traversal
2005-02-02 perl -- vulnerabilities in PERLIO_DEBUG handling
2005-02-01 newsgrab -- insecure file and directory creation
2005-02-01 newsgrab -- directory traversal vulnerability
2005-02-01 newspost -- server response buffer overflow vulnerability
2005-02-01 newsfetch -- server response buffer overflow vulnerability
2005-01-28 squid -- buffer overflow in WCCP recvfrom() call
2005-01-26 xpdf -- makeFileKey2() buffer overflow vulnerability
2005-01-25 zhcon -- unauthorized file access
2005-01-25 evolution -- arbitrary code execution vulnerability
2005-01-24 mod_dosevasive -- insecure temporary file creation
2005-01-24 squid -- possible cache-poisoning via malformed HTTP responses
2005-01-24 bugzilla -- cross-site scripting vulnerability
2005-01-24 web browsers -- window injection vulnerabilities
2005-01-24 opera -- multiple vulnerabilities in Java implementation
2005-01-23 yamt -- arbitrary command execution vulnerability
2005-01-22 squid -- HTTP response splitting cache pollution attack
2005-01-22 horde -- XSS vulnerabilities
2005-01-21 mc -- multiple vulnerabilities
2005-01-21 perl -- File::Path insecure file/directory permissions
2005-01-21 sudo -- environmental variable CDPATH is not cleared
2005-01-21 fcron -- multiple vulnerabilities
2005-01-21 realplayer -- arbitrary file deletion and other vulnerabilities
2005-01-21 imlib -- xpm heap buffer overflows and integer overflows
2005-01-21 egroupware -- arbitrary file download in JiNN
2005-01-21 quake2 -- multiple critical vulnerabilities
2005-01-19 konversation -- shell script command injection
2005-01-19 squid -- no sanity check of usernames in squid_ldap_auth
2005-01-18 cups-base -- CUPS server remote DoS vulnerability
2005-01-18 tiff -- divide-by-zero denial-of-service
2005-01-18 zgv -- exploitable heap overflows
2005-01-18 mozilla -- insecure permissions for some downloaded files
2005-01-18 awstats -- remote command execution vulnerability
2005-01-18 ImageMagick -- PSD handler heap overflow vulnerability
2005-01-17 cups-lpr -- lppasswd multiple vulnerabilities
2005-01-17 cups-base -- HPGL buffer overflow vulnerability
2005-01-16 mysql-scripts -- mysqlaccess insecure temporary file creation
2005-01-16 unrtf -- buffer overflow vulnerability
2005-01-13 mozilla -- heap overflow in NNTP handler
2005-01-13 mpg123 -- buffer overflow vulnerability
2005-01-12 squid -- denial of service with forged WCCP messages
2005-01-12 squid -- buffer overflow vulnerability in gopherToHTML
2005-01-12 libxine -- DVD subpicture decoder heap overflow
2005-01-12 libxine -- multiple vulnerabilities in VideoCD handling
2005-01-12 libxine -- multiple buffer overflows in RTSP
2005-01-11 hylafax -- unauthorized login vulnerability
2005-01-11 xshisen -- local buffer overflows
2005-01-10 helvis -- arbitrary file deletion problem
2005-01-10 helvis -- information leak vulnerabilities
2005-01-08 dillo -- format string vulnerability
2005-01-07 tnftp -- mget does not check for directory escapes
2005-01-06 tiff -- tiffdump integer overflow vulnerability
2005-01-06 tiff -- directory entry count integer overflow vulnerability
2005-01-06 vim -- vulnerabilities in modeline handling
2005-01-06 pcal -- buffer overflow vulnerabilities
2005-01-05 exim -- two buffer overflow vulnerabilities
2005-01-03 mpg123 -- playlist processing buffer overflow vulnerability
2005-01-03 greed -- insecure GRX file processing
2005-01-03 golddig -- local buffer overflow vulnerabilities
2005-01-02 up-imapproxy -- multiple vulnerabilities
2005-01-01 kdelibs3 -- konqueror FTP command injection vulnerability
2004-12-30 a2ps -- insecure temporary file creation
2004-12-29 libxine -- buffer-overflow vulnerability in aiff support
2004-12-26 jabberd -- denial-of-service vulnerability
2004-12-23 squid -- confusing results on empty acl declarations
2004-12-23 ethereal -- multiple vulnerabilities
2004-12-23 xpdf -- buffer overflow vulnerability
2004-12-22 phpbb -- arbitrary command execution and other vulnerabilities
2004-12-21 acroread5 -- mailListIsPdf() buffer overflow vulnerability
2004-12-21 ecartis -- unauthorised access to admin interface
2004-12-21 mplayer -- multiple vulnerabilities
2004-12-21 krb5 -- heap buffer overflow vulnerability in libkadm5srv
2004-12-21 samba -- integer overflow vulnerability
2004-12-17 php -- multiple vulnerabilities
2004-12-16 mysql -- GRANT access restriction problem
2004-12-16 mysql -- ALTER MERGE denial of service vulnerability
2004-12-16 mysql -- FTS request denial of service vulnerability
2004-12-16 mysql -- mysql_real_connect buffer overflow vulnerability
2004-12-16 mysql -- erroneous access restrictions applied to table renames
2004-12-15 phpmyadmin -- command execution vulnerability
2004-12-15 phpmyadmin -- file disclosure vulnerability
2004-12-14 wget -- multiple vulnerabilities
2004-12-12 konqueror -- Password Disclosure for SMB Shares
2004-12-11 mod_access_referer -- null pointer dereference vulnerability
2004-12-09 squid -- possible information disclosure
2004-12-08 viewcvs -- information leakage
2004-12-07 cscope -- symlink attack vulnerability
2004-12-04 bnc -- remotely exploitable buffer overflow in getnickuserhost
2004-12-02 rssh & scponly -- arbitrary command execution
2004-12-02 rockdodger -- buffer overflows
2004-12-01 zip -- long path buffer overflow
2004-12-01 sudoscript -- signal delivery vulnerability
2004-11-30 jabberd -- remote buffer overflow vulnerability
2004-11-27 Open DC Hub -- remote buffer overflow vulnerability
2004-11-26 unarj -- long filename buffer overflow
2004-11-26 unarj -- directory traversal vulnerability
2004-11-25 jdk/jre -- Security Vulnerability With Java Plugin
2004-11-25 ProZilla -- server response buffer overflow vulnerabilities
2004-11-22 Cyrus IMAPd -- APPEND command uses undefined programming construct
2004-11-22 Cyrus IMAPd -- FETCH command out of bounds memory corruption
2004-11-22 Cyrus IMAPd -- PARTIAL command out of bounds memory corruption
2004-11-22 Cyrus IMAPd -- IMAPMAGICPLUS preauthentification overflow
2004-11-20 phpMyAdmin -- cross-site scripting vulnerabilities
2004-11-18 Overflow error in fetch
2004-11-17 smbd -- buffer-overrun vulnerability
2004-11-15 twiki -- arbitrary shell command execution
2004-11-15 proxytunnel -- format string vulnerability
2004-11-13 sudo -- privilege escalation with bash scripts
2004-11-13 ruby -- CGI DoS
2004-11-12 samba -- potential remote DoS vulnerability
2004-11-12 gnats -- format string vulnerability
2004-11-12 squirrelmail -- cross site scripting vulnerability
2004-11-11 hafiye -- lack of terminal escape sequence filtering
2004-11-11 ez-ipupdate -- format string vulnerability
2004-11-11 ImageMagick -- EXIF parser buffer overflow
2004-11-10 apache2 multiple space header denial-of-service vulnerability
2004-11-10 socat -- format string vulnerability
2004-11-09 libxml -- remote buffer overflows
2004-11-08 p5-Archive-Zip -- virus detection evasion
2004-11-06 apache mod_include buffer overflow vulnerability
2004-11-06 postgresql-contrib -- insecure temporary file creation
2004-11-05 gd -- integer overflow
2004-11-04 putty -- buffer overflow vulnerability in ssh2 support
2004-11-03 wzdftpd -- remote DoS
2004-10-27 horde -- cross-site scripting vulnerability in help window
2004-10-26 bogofilter -- RFC 2047 decoder denial-of-service vulnerability
2004-10-25 rssh -- format string vulnerability
2004-10-25 xpdf -- integer overflow vulnerabilities
2004-10-25 gaim -- MSN denial-of-service vulnerabilities
2004-10-25 gaim -- Content-Length header denial-of-service vulnerability
2004-10-25 gaim -- multiple buffer overflows
2004-10-25 gaim -- heap overflow exploitable by malicious GroupWise server
2004-10-25 gaim -- malicious smiley themes
2004-10-25 gaim -- buffer overflow in MSN protocol support
2004-10-23 mod_ssl -- SSLCipherSuite bypass
2004-10-23 mpg123 -- buffer overflow in URL handling
2004-10-21 apache2 -- SSL remote DoS
2004-10-20 phpmyadmin -- remote command execution vulnerability
2004-10-20 cabextract -- insecure directory handling
2004-10-20 a2ps -- insecure command line argument handling
2004-10-19 ifmail -- unsafe set-user-ID application
2004-10-19 imwheel -- insecure handling of PID file
2004-10-18 squid -- NTLM authentication denial-of-service vulnerability
2004-10-17 cacti -- SQL injection
2004-10-17 apache13-modssl -- format string vulnerability in proxy support
2004-10-15 tor -- remote DoS and loss of anonymity
2004-10-13 icecast -- Cross-Site Scripting Vulnerability
2004-10-13 icecast -- HTTP header overflow
2004-10-13 freeradius -- denial-of-service vulnerability
2004-10-13 xerces-c2 -- Attribute blowup denial-of-service
2004-10-13 wordpress -- XSS in administration panel
2004-10-13 tiff -- multiple integer overflows
2004-10-13 CUPS -- local information disclosure
2004-10-13 tiff -- RLE decoder heap overflows
2004-10-13 sharutils -- buffer overflows
2004-10-12 zinf -- potential buffer overflow playlist support
2004-10-12 mail-notification -- denial-of-service vulnerability
2004-10-12 squid -- SNMP module denial-of-service vulnerability
2004-10-12 cyrus-sasl -- potential buffer overflow in DIGEST-MD5 plugin
2004-10-08 cyrus-sasl -- dynamic library loading and set-user-ID applications
2004-10-05 imp3 -- XSS hole in the HTML viewer
2004-10-05 bmon -- unsafe set-user-ID application
2004-10-05 gnutls -- certificate chain verification DoS
2004-10-05 php -- php_variables memory disclosure
2004-10-05 xv -- exploitable buffer overflows
2004-10-04 getmail -- symlink vulnerability during maildir delivery
2004-10-04 Boundary checking errors in syscons
2004-10-03 racoon -- improper certificate handling
2004-10-03 distcc -- incorrect parsing of IP access control rules
2004-09-30 mozilla -- scripting vulnerabilities
2004-09-30 mozilla -- users may be lured into bypassing security dialogs
2004-09-30 mozilla -- hostname spoofing bug
2004-09-30 samba -- remote file disclosure
2004-09-28 mozilla -- BMP decoder vulnerabilities
2004-09-28 mozilla -- vCard stack buffer overflow
2004-09-28 mozilla -- multiple heap buffer overflows
2004-09-27 php -- strip_tags cross-site scripting vulnerability
2004-09-27 php -- memory_limit related vulnerability
2004-09-26 subversion -- WebDAV fails to protect metadata
2004-09-23 lha -- numerous vulnerabilities when extracting archives
2004-09-23 mysql -- heap buffer overflow with prepared statements
2004-09-22 mozilla -- security icon spoofing
2004-09-22 mozilla -- NULL bytes in FTP URLs
2004-09-22 mozilla -- automated file upload
2004-09-22 mozilla -- built-in CA certificates may be overridden
2004-09-21 rssh -- file name disclosure bug
2004-09-20 gnu-radius -- SNMP-related denial-of-service
2004-09-20 sudo -- sudoedit information disclosure
2004-09-20 Cyrus IMSPd multiple vulnerabilities
2004-09-19 apache -- heap overflow in mod_proxy
2004-09-15 php -- vulnerability in RFC 1867 file upload processing
2004-09-15 gdk-pixbuf -- image decoding vulnerabilities
2004-09-15 xpm -- image decoding vulnerabilities
2004-09-15 cups -- print queue browser denial-of-service
2004-09-15 apache -- apr_uri_parse IPv6 address handling vulnerability
2004-09-15 mod_dav -- lock related denial-of-service
2004-09-15 apache -- ap_resolve_env buffer overflow
2004-09-14 webmin -- insecure temporary file creation at installation time
2004-09-14 samba3 DoS attack
2004-09-14 mozilla -- POP client heap overflow
2004-09-14 mozilla -- SOAPParameter integer overflow
2004-09-14 openoffice -- document disclosure
2004-09-14 mpg123 buffer overflow
2004-09-03 vpopmail multiple vulnerabilities
2004-09-03 multiple vulnerabilities in LHA
2004-08-31 ImageMagick -- BMP decoder buffer overflow
2004-08-31 imlib -- BMP decoder heap buffer overflow
2004-08-31 krb5 -- double-free vulnerabilities
2004-08-31 krb5 -- ASN.1 decoder denial-of-service vulnerability
2004-08-31 imlib2 -- BMP decoder buffer overflow
2004-08-30 cdrtools local privilege escalation
2004-08-27 nss -- exploitable buffer overflow in SSLv2 protocol handler
2004-08-27 ripMIME -- decoding bug allowing content filter bypass
2004-08-26 moinmoin -- ACL group bypass
2004-08-26 rsync -- path sanitizing vulnerability
2004-08-26 gnomevfs -- unsafe URI handling
2004-08-26 SoX buffer overflows when handling .WAV files
2004-08-26 kdelibs -- konqueror cross-domain cookie injection
2004-08-23 SpamAssassin -- denial-of-service in tokenize_headers
2004-08-22 fidogate -- write files as `news' user
2004-08-22 qt -- image loader vulnerabilities
2004-08-22 courier-imap -- format string vulnerability in debug mode
2004-08-22 mysql -- mysqlhotcopy insecure temporary file creation
2004-08-20 Qt 3.x BMP heap-based overflow, GIF and XPM DoS NULL pointer dereference
2004-08-17 cvs -- numerous vulnerabilities
2004-08-17 tnftpd -- remotely exploitable vulnerability
2004-08-17 multiple vulnerabilities in the cvs server code
2004-08-16 Ruby insecure file permissions in the CGI session management
2004-08-16 ruby CGI::Session insecure file creation
2004-08-13 Arbitrary code execution via a format string vulnerability in jftpgw
2004-08-13 CVStrac remote code execution vulnerability
2004-08-13 jftpgw remote syslog format string vulnerability
2004-08-12 Multiple browser frame injection vulnerability
2004-08-12 kdelibs insecure temporary file handling
2004-08-12 gaim remotely exploitable vulnerabilities in MSN component
2004-08-12 acroread uudecoder input validation error
2004-08-12 popfile file disclosure
2004-08-12 KDElibs temporary directory vulnerability
2004-08-12 DCOPServer Temporary Filename Vulnerability
2004-08-12 gaim remotely exploitable vulnerabilities in MSN component
2004-08-11 Konqueror frame injection vulnerability
2004-08-10 SpamAssassin DoS vulnerability
2004-08-04 libpng stack-based buffer overflow and other code concerns
2004-08-04 ImageMagick png vulnerability fix
2004-08-04 Acrobat Reader handling of malformed uuencoded pdf files
2004-08-04 libpng stack-based buffer overflow and other code concerns
2004-08-04 ImageMagick png and bmp vulnerabilities
2004-07-30 Mozilla / Firefox user interface spoofing vulnerability
2004-07-30 Mozilla certificate spoofing
2004-07-30 Mozilla / Firefox user interface spoofing vulnerability
2004-07-30 Mozilla certificate spoofing
2004-07-21 Multiple Potential Buffer Overruns in Samba
2004-07-15 PHP memory_limit and strip_tags() vulnerabilities
2004-07-11 multiple vulnerabilities in ethereal
2004-07-11 multiple vulnerabilities in ethereal
2004-07-11 multiple vulnerabilities in ethereal
2004-07-11 multiple vulnerabilities in ethereal
2004-07-05 MySQL authentication bypass / buffer overflow
2004-07-05 Format string vulnerability in SSLtelnet
2004-07-05 "Content-Type" XSS vulnerability affecting other webmail systems
2004-07-05 MySQL authentication bypass / buffer overflow
2004-07-03 Pavuk HTTP Location header overflow
2004-07-03 Several vulnerabilities found in PHPNuke
2004-07-02 Remote code injection in phpMyAdmin
2004-07-02 GNATS local privilege elevation
2004-06-30 Linux binary compatibility mode input validation error
2004-06-30 SSLtelnet remote format string vulnerability
2004-06-28 XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0
2004-06-28 MoinMoin administrative group name privilege escalation vulnerability
2004-06-25 isc-dhcp3-server buffer overflow in logging mechanism
2004-06-25 Remote Denial of Service of HTTP server and client
2004-06-25 isc-dhcp3-server buffer overflow in logging mechanism
2004-06-24 Gallery 1.4.3 and earlier user authentication bypass
2004-06-09 Buffer overflow in Squid NTLM authentication helper
2004-06-07 jailed processes can manipulate host routing tables
2004-05-26 buffer cache invalidation implementation issues
2004-05-21 leafnode denial-of-service triggered by article request
2004-05-21 leafnode fetchnews denial-of-service triggered by missing header
2004-05-21 leafnode fetchnews denial-of-service triggered by truncated transmission
2004-05-19 neon date parsing vulnerability
2004-05-19 subversion date parsing vulnerability
2004-05-19 cvs pserver remote heap buffer overflow
2004-05-18 URI handler vulnerabilities in several browsers
2004-05-12 Cyrus IMAP pre-authentication heap overflow vulnerability
2004-05-06 exim buffer overflow when verify = header_syntax is used
2004-05-06 phpBB session table exhaustion
2004-05-05 heimdal kadmind remote heap buffer overflow
2004-05-02 libpng denial-of-service
2004-05-02 Midnight Commander buffer overflows, format string bugs, and insecure temporary file handling
2004-05-02 proftpd IP address access control list breakage
2004-05-02 lha buffer overflows and path traversal issues
2004-05-02 rsync path traversal issue
2004-05-02 xine-lib arbitrary file overwrite
2004-05-02 pound remotely exploitable vulnerability
2004-05-02 libpng denial-of-service
2004-04-23 xchat remotely exploitable buffer overflow (Socks5)
2004-04-23 phpBB IP address spoofing
2004-04-23 TCP denial-of-service attacks against long lived connections
2004-04-23 ident2 double byte buffer overflow
2004-04-16 MySQL insecure temporary file creation (mysqlbug)
2004-04-15 neon format string vulnerabilities
2004-04-15 kdepim exploitable buffer overflow in VCF reader
2004-04-14 CVS path validation errors
2004-04-14 racoon remote denial of service vulnerability (ISAKMP header length field)
2004-04-07 mksnap_ffs clears file system options
2004-04-07 shmat reference counting bug
2004-04-07 jailed processes can attach to other jails
2004-04-07 many out-of-sequence TCP packets denial-of-service
2004-04-07 racoon remote denial of service vulnerability (IKE Generic Payload Header)
2004-04-07 racoon fails to verify signature during Phase 1
2004-04-03 Midnight Commander buffer overflow during symlink resolution
2004-04-02 Incorrect cross-realm trust handling in Heimdal
2004-03-31 isakmpd payload handling denial-of-service vulnerabilities
2004-03-31 Courier mail services: remotely exploitable buffer overflows
2004-03-31 mplayer heap overflow in http requests
2004-03-31 tcpdump ISAKMP payload handling remote denial-of-service
2004-03-30 MPlayer remotely exploitable buffer overflow in the ASX parser
2004-03-30 MPlayer remotely exploitable buffer overflow in the HTTP parser
2004-03-29 ecartis buffer overflows and input validation bugs
2004-03-29 setsockopt(2) IPv6 sockets input validation error
2004-03-29 zebra/quagga denial of service vulnerability
2004-03-28 oftpd denial-of-service vulnerability (PORT command)
2004-03-28 Buffer overflows and format string bugs in Emil
2004-03-28 Critical SQL injection in phpBB
2004-03-26 multiple vulnerabilities in ethereal
2004-03-26 insecure temporary file creation in xine-check, xine-bugreport
2004-03-26 squid ACL bypass due to URL decoding bug
2004-03-26 multiple vulnerabilities in phpBB
2004-03-26 ezbounce remote format string vulnerability
2004-03-25 racoon security association deletion vulnerability
2004-03-18 uudeview buffer overflows
2004-03-17 ModSecurity for Apache 2.x remote off-by-one overflow
2004-03-17 OpenSSL ChangeCipherSpec denial-of-service vulnerability
2004-03-08 Apache 2 mod_ssl denial-of-service
2004-03-08 wu-ftpd ftpaccess `restricted-uid'/`restricted-gid' directive may be bypassed
2004-03-08 Apache 1.3 IP address access control failure on some 64-bit platforms
2004-03-07 mpg123 vulnerabilities
2004-03-06 GNU Anubis buffer overflows and format string vulnerabilities
2004-03-05 multiple buffer overflows in xboing
2004-03-03 mod_python denial-of-service vulnerability in parse_qs
2004-02-25 fetchmail -- denial-of-service vulnerability
2004-02-25 mailman denial-of-service vulnerability in MailCommandHandler
2004-02-25 mailman XSS in admin script
2004-02-25 mailman XSS in create script
2004-02-25 mailman XSS in user options page
2004-02-25 SQL injection vulnerability in phpnuke
2004-02-25 lbreakout2 vulnerability in environment variable handling
2004-02-25 hsftp format string vulnerabilities
2004-02-25 Darwin Streaming Server denial-of-service vulnerability
2004-02-25 libxml2 stack buffer overflow in URI parsing
2004-02-22 Vulnerabilities in H.323 implementations
2004-02-22 file disclosure in phpMyAdmin
2004-02-18 metamail format string bugs and buffer overflows
2004-02-15 mnoGoSearch buffer overflow in UdmDocToTextBuf()
2004-02-13 GNU libtool insecure temporary file handling
2004-02-12 clamav remote denial-of-service
2004-02-12 Several remotely exploitable buffer overflows in gaim
2004-02-12 Buffer overflows in XFree86 servers
2004-02-12 seti@home remotely exploitable buffer overflow
2004-02-12 icecast 1.x multiple vulnerabilities
2004-02-12 nap allows arbitrary file access
2004-02-12 CCE contains exploitable buffer overflows
2004-02-12 ChiTeX/ChiLaTeX unsafe set-user-id root
2004-02-12 pine remotely exploitable buffer overflow in newmail.c
2004-02-12 pine insecure URL handling
2004-02-12 pine remote denial-of-service attack
2004-02-12 pine remotely exploitable vulnerabilities
2004-02-12 rsync buffer overflow in server mode
2004-02-12 Samba 3.0.x password initialization bug
2004-02-12 Buffer overflow in Mutt 1.4
2004-02-10 Apache-SSL optional client certificate vulnerability
2004-01-19 fsp buffer overflow and directory traversal vulnerabilities
2004-01-19 L2TP, ISAKMP, and RADIUS parsing vulnerabilities in tcpdump
2004-01-08 Buffer overflow in INN control message handling
2004-01-05 ProFTPD ASCII translation bug resulting in remote root compromise
2003-12-12 bind8 negative cache poison attack
2003-12-12 ElGamal sign+encrypt keys created by GnuPG can be compromised
2003-12-12 Mathopd buffer overflow
2003-12-12 lftp HTML parsing vulnerability
2003-12-12 qpopper format string vulnerability
2003-10-25 fetchmail -- address parsing vulnerability
2003-10-25 Buffer overflow in pam_smb password handling
2003-10-25 Buffer overflows in libmcrypt
2000-00-00 Mozilla / NSS S/MIME DoS vulnerability
2000-00-00 DBMail: remote exploitable buffer overflow
2000-00-00 phpGroupWare stores passwords in plain text
2000-00-00 Dropbear DSS verification vulnerability
2000-00-00 ISC DHCPD minires library contains multiple buffer overflows
2000-00-00 a2ps: Possible execution of shell commands as local user
2000-00-00 pavuk digest auth buffer overflow
2000-00-00 Sqwebmail XSS vulnerability
2000-00-00 Sympa unauthorized list creation
2000-00-00 GnuTLS certificate chain verification DoS
2000-00-00 phpMyAdmin configuration manipulation and code injection
2000-00-00 xine-lib RTSP handling vulnerabilities
2000-00-00 Possible information leak in multi-gnome-terminal
2000-00-00 Pure-FTPd DoS when maximum number of connections is reached
2000-00-00 super format string vulnerability
2000-00-00 Horde: two XSS vulnerabilities can be exposed by making an authenticated user click on a specially crafted URL, allowing JavaScript code to be executed in the context of Horde.
2000-00-00 Multiple integer overflow and integer arithmetic flaws in imported xpdf code
2000-00-00 Vulnerability in star versions that support ssh for remote tape access
2000-00-00 XSS hole in the HTML viewer - This vulnerability only exists when using Internet Explorer to access IMP and only when using the inline MIME viewer for HTML messages.
2000-00-00 multiple vulnerabilities in Bugzilla
2000-00-00 XSS hole in the HTML viewer - The script vulnerabilities can only be exposed with certain browsers and allow XSS attacks when viewing HTML messages with the HTML MIME viewer.
2000-00-00 multiple vulnerabilities in gaim
2000-00-00 Opera "location" object write access vulnerability
2000-00-00 Buffer overflow in word-list-compress
2000-00-00 subversion: remote exploitable buffer overflow in 'svn://' parser
2000-00-00 rssh file existence information disclosure weakness
2000-00-00 SquirrelMail XSS vulnerability
2000-00-00 Nessus "adduser" race condition vulnerability
2000-00-00 mod_authz_svn access control bypass
2000-00-00 chora: hole in the diff code that allowed malicious input
2000-00-00 cfengine authentication heap corruption
2000-00-00 phpGedView: multiple vulnerabilities
2000-00-00 MIT Kerberos 5 krb5_aname_to_localname() buffer overflow
2000-00-00 Roundup remote file disclosure vulnerability
2000-00-00 ircd-hybrid-7 low-bandwidth DoS
2000-00-00 phpGroupWare calendar and infolog SQL injection, calendar server side script execution
2000-00-00 libpng row buffer overflow
2000-00-00 Gallery arbitrary PHP file upload
2000-00-00 Icecast remote DoS vulnerability
2000-00-00 Apache input header folding DoS vulnerability
2000-00-00 CMU SUP logging format string vulnerabilities
2000-00-00 mailman allows 3rd parties to retrieve member passwords
2000-00-00 mod_proxy buffer overflow (CAN-2004-0492)
2000-00-00 phpBB cross site scripting vulnerabilities
2000-00-00 Racoon may validate invalid certificates
2000-00-00 mpg123 layer 2 decoder buffer overflow
2000-00-00 samba printer change notification request DoS
2000-00-00 multiple buffer overflows in xv
2000-00-00 LCDProc buffer overflow/format string vulnerabilities
2000-00-00 BNBT Authorization Header DoS
2000-00-00 isakmpd security association deletion vulnerability
2000-00-00 rlpr "msg()" buffer overflow and format string vulnerabilities
2000-00-00 ISC "dhcrelay" fails to limit hop count when malicious bootp packet is received
2000-00-00 modified server can execute commands on the client
2000-00-00 zlib DoS vulnerability
2000-00-00 Squid NTLM authentication helper DoS
2000-00-00 l2tpd BSS-based buffer overflow
2000-00-00 mod_ssl stack-based buffer overflow
2000-00-00 Multiple integer overflow and integer arithmetic flaws in imported xpdf code
2000-00-00 Multiple vulnerabilities in Webmin
2000-00-00 imp: XSS hole exploited via the Content-type header of malicious emails
2000-00-00 potential security flaws in mod_ssl
2000-00-00 wv library datetime field buffer overflow
2000-00-00 Scorched 3D server chat box format string vulnerability
2000-00-00 Usermin remote shell command injection and insecure installation vulnerability
2000-00-00 XSS vulnerability in phpGroupWare wiki module
2000-00-00 DansGuardian banned extension filter bypass vulnerability
2000-00-00 mod_ssl format string vulnerability
2000-00-00 smtpproxy: remotely exploitable format string vulnerability

Disclaimer: The data contained on this page is derived from the VuXML document; please refer to the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.


Oliver Eikemeier <eik@FreeBSD.org>