Contents
.Home
.News
.About
.Contacts
.Mirror sites
.Security tools
.Mailing lists
.Documents
.Exploits
.Links
Search
Exploits, bugs and info

Browse by Operating System

Older bugs AIX *BSD* Digital HPUX IRIX
Linux Most UNIXes Win NT Other Systems SCO SunOS & Solaris

mirrored from Security Bugware
What's new

Macromedia Flash Ads clickTAG - Other - Macromedia Flash ad user tracking field xss and session retrieval (Apr 16)
Instaboard - Other - Instaboard SQL injection (Apr 16)
FipsGuestbook - Other - FipsGuestbook script injection (Apr 16)
Progress Database - Other - Progress Database unchecked buffer in BINPATHX leads to overflow (Apr 16)
win2k.sys - NT - Windows 2003 win2k.sys vulnerability (Apr 16)
Netgear - Other - Netgear routers logging vulnerability (Apr 16)
Ez Publish - Other - Ez publish info & path disclosure and XSS (Apr 16)
eog - Other - Eye of GNOME (EOG) arbitrary code execution (Apr 16)
snort - Other - Snort TCP Stream Reassembly Integer Overflow Vulnerability (Apr 16)
NB 1300 modem/router - Other - NB 1300 modem/router password remotely accessible (Apr 16)
ps2epsi - Other - ps2epsi insecure temporary file creation (Apr 16)
gtkHTML - Other - gtkHTML misshandling of malformed messages (Apr 16)
ActivCard - Other - ActivCard password cache memory leakage (Apr 16)
SheerDNS - Other - SheerDNS Buffer Overflow and Directory Traversal (Apr 16)
lprng - mUNIXes - lprng insecure temporary file creation (Apr 16)
veritas backupExec - NT - Veritas BackupExec 9.0 is vulnerable to Slammer worm (Apr 16)
kernel - Linux - Linux local root exploit via ptrace (Mar 17)
DirectoryService - MacOS - DirectoryService privilege escalation and DoS attack (Apr 14)
Gaim-Encryption Plugin - Other - Gaim-Encryption Plugin heap corruption (Apr 14)
FileMaker Pro - Other - FileMaker Pro remote password retrieval (Apr 14)
Ocean12 Guestbook - Other - Ocean12 ASP Guestbook script injection (Apr 14)
Linsys BEFVP41 - Other - Linsys BEFVP41 VPN router information leakage (Apr 14)
MailMax - Other - MailMax Buffer Overflow (potential DoS) (Apr 14)
Progress Database - Other - Progress Database poor bounds checking (local root compromise) (Apr 14)
Oracle - Other - Oracle E-Business Suite FNDFS remotely file retrieval (Apr 14)
xfsdump - mUNIXes - xfsdump insecure file creation (Apr 14)
Apache - Other - Apache HTTP Server Denial of Service (Apr 9)
xfsdump - IRIX - xfsdump insecure file creation (Apr 11)
Microsoft VM - NT - Microsoft Virtual Machine Bytecode Verifier Vulnerability (Apr 11)
KDE - Linux - KDE arbitrary code execution using ghostscript (Apr 11)
phPay - Other - phPay XSS, path disclosure, phpinfo() (Apr 10)
ISC guestbook - Other - ISC guestbook script injection vulnerability (Apr 10)
Hyperion FTP Server - NT - Hyperion FTP Server Buffer Overflow (DoS & remote access) (Apr 10)
seti@home - Other - seti@home client & server Information leakage and remotely exploitable buffer overflow (Apr 10)
Microsoft Proxy Server / Internet Security and Acceleration Server - NT - Microsoft Proxy Server and Internet Security and Acceleration Server DoS (Apr 10)
heimdal - mUNIXes - heimdal Cryptographic weakness (Apr 10)
Portable Executable (PE) File Format For Win32 - NT - Portable Executable (PE) File Format For Win32 analysis and vulnerabilities (Apr 10)
PoPToP PPTP server - mUNIXes - PoPToP PPTP server remote buffer overflow (Apr 10)
samba - mUNIXes - Samba remote buffer overflow (Apr 7)
AMaViS-ng - mUNIXes - AMaViS-ng possible open relay and mail loss (Apr 9)
Orplex - Other - Orplex guestbook script injection (Apr 9)
mIRC - NT - mIRC dcc filename spoofing (Apr 9)
Opera - Other - Opera Buffer Overflow (Apr 9)
mgetty - Linux - mgetty buffer overflow and permissions problem (Apr 9)
JpegX - Other - JpegX password bypass (Apr 8)
Vignette Story Server - Other - Vignette Story Server sensitive informations leakage (Apr 8)
Coppermine Photo Gallery - Other - Coppermine Photo Gallery remote command execution (Apr 8)
metrics - mUNIXes - metrics insecure temporary file creation (Apr 8)
Lotus Notes - Other - Java Agent freezes Lotus Notes and Domino 6.0.1 (Apr 7)
Usbview - Linux - Usbview exploit (Apr 6)
D-Link Modem/Router - Other - D-Link Broadband Modem/Router (Apr 6)
RealPlayer - Other - RealPlayer PNG deflate heap corruption vulnerability (Apr 6)
QuickTime - NT - Buffer Overflow in Windows QuickTime Player (Apr 6)
IkonBoard - Other - IkonBoard arbitrary command execution (Apr 6)
Netgear FM114P - Other - Netgear FM114P ProSafe Wireless Router upnp hole (Apr 6)
OsCommerce - Other - OsCommerce CVS Security Analysis (Apr 6)
openssl - Other - openssl timming attack to obtain plaintext of SSL/TLS communication (Feb 20)
OpenSSL - Other - OpenSSL and other crypto library timming attack vulenrability (Mar 15)
Sambar - Other - Sambar Server buffer overflow and sample cgi / script vulnerabilities (Apr 6)
kernel - NT - Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability (Apr 6)
passlogd - Other - passlogd sniffer remote buffer overflow root exploit (Apr 6)
kernel - mUNIXes - Syscall implementation could lead to whether or not a file exists (Apr 6)
EZ Server - Other - Remote Denial of Service Vulnerability in EZ Server (Apr 6)
XMB Forum - Other - XMB Forum XSS (Apr 6)
Sendmail - Other - Sendmail remote heap overflow in address parser code (Apr 6)
Ceilidh - Other - Cross Site Scripting vulnerability in Ceilidh testcgi.exe (Apr 6)
Browsers - Other - Java and Javascript script executions and DoS in Netscape and Opera (Apr 6)
Verity - Other - XSS Bug In Verity Information Server (Apr 6)
- none - - Other - SBW team takes some time off - news will get updated, but on a slower rate - (Mar 29)
JWALK - NT - JWALK application server Directory Traversal Vulnerability (Mar 26)
Emule - NT - Emule 0.27b remote crash (Mar 26)
Axis - Other - Axis Video and Camera Servers system log & file access/overwrite via HTTP/CGI (Mar 26)
Symantec - NT - Symantec Enterprise Firewall (SEF) HTTP URL pattern evasion issue (Mar 26)
Adobe Acrobat - Other - Digital signature for Adobe Acrobat/Reader plug-in can be forged (Mar 26)
PHP - Other - PHP Integer overflow in socket_iovec_alloc() function and memory allocator (Mar 26)
MAILsweeper - NT - MAILsweeper MIME attachment evasion (Mar 9)
kernel - NT - IIS remote buffer overflow due to WebDAV/ntdll.dll (Mar 18)
PHP-Arena - Other - PHP-Arena XSS (Mar 26)
Verity - Other - Verity Information Server XSS (Mar 26)
3com - Other - 3com Remote vulnerabilities (Mar 24)
PHP Arena - Other - paFileDB SQL Injection Vulnerability (Mar 24)
Check Point - mUNIXes - Check Point DoS attack against syslog daemon (Mar 22)
ActiveSync - NT - ActiveSync DoS (Mar 22)
PHP-Nuke - Other - PHP-Nuke SQL Injection (Mar 22)
kernel - NT - NT Service Killer (Mar 22)
PostNuke - Other - PostNuke path disclosure (Mar 21)
apcupsd - Linux - apcupsd local buffer overflow (Mar 21)
mutt - Linux - mutt buffer overflow in IMAP client (Mar 20)
dtprintinfo - SCO - dtprintinfo buffer overflow in various Unix systems (Sep 26)
snort - Other - snort bypass using fragroute (Sep 26)
Netscape - Other - Netscape & Mozilla multiple remote vulns (file access, buffer overflow ...) (Sep 26)
ISA - NT - ISA Server DNS Intrusion DoS (Mar 20)
osCommerce - Other - osCommerce multiple XSS vulnerabilities (Mar 20)
Internet Explorer - NT - IE allows universal Cross Site Scripting (Sep 26)
Script - NT - Windows Script Engine Heap Overflow (Mar 20)
Evolution - Linux - Ximian 's Evolution Multiple vulnerabilities (Mar 20)
XOOPS - Other - XOOPS path disclosure (Mar 20)
XDR/RPC - mUNIXes - XDR Integer Overflow (Mar 20)
php - Other - Various Content Managing Systems XSS (Mar 19)
McAfee ePolicy - NT - McAfee ePolicy Orchestrator Format String Vulnerability (Mar 17)
Java - Other - JDK Denial-Of-Service holes (Mar 16)
samba - mUNIXes - samba remote buffer overflow (Mar 16)
kernel - NT - Windows explorer DoS with cross-referenced shortcuts (link(a) <-> link(b)) (Mar 16)
ircII - Linux - ircII-based clients buffer overflows (Mar 15)
DeleGate - Other - DeleGate Pointer Array Overflow May Let Remote Users Execute Arbitrary Code (Mar 14)
iPlanet - NT - Sun ONE (iPlanet) Application Server Connector Module Overflow (Mar 14)
Lotus Notes - Other - Lotus Notes/Domino R6-beta PROTOS LDAP Denial of Service Regression (Mar 14)
Lotus Notes - Other - Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow (Mar 14)
Lotus Notes - Other - Lotus Notes Protocol Authentication Buffer Overflow (Mar 14)
pgp4pine - Linux - pgp4pine stack overflow vulnerability (Mar 12)
PHP-Nuke - Other - PHP-Nuke Serious SQL Injection Security Holes (Mar 6)
Internet Explorer - NT - .MHT Buffer Overflow in Internet Explorer (Mar 12)
MySQL - Other - MySQL configuration injection makes it runs as root (Mar 12)
sudo - mUNIXes - sudo heap overflow exploit via expand_prompt() function (Nov 25)
VPOPMail - mUNIXes - VPOPMail Account Administration (squirrel mail) arbitrary remote command execution (Mar 12)
man - mUNIXes - man arbitrary code execution (Mar 12)
PostgreSQL - Other - PostgreSQL Remote DoS condition (Mar 12)
Opera - Other - Opera long filename download buffer overflow (Mar 12)
802.11b - Other - 802.11b Denial of Service (Mar 12)
SOHO Routefinder 550 VPN - Other - SOHO Routefinder 550 VPN Denial of Service and Buffer Overflow (Mar 12)
qpopper - mUNIXes - Qpopper buffer overflow (Mar 12)
securitybugware - Other - SecurityBugware software news : PacketExcalibur, LibnetGUI (By Louis Botterill) (Mar 11)
lprm - BSD - lprm local exploit (Mar 8)
xscreensaver - Linux - xscreensaver local buffer overflow via XLOCALEDIR var (Mar 8)
DNS - Other - DNS and global Internet security (Mar 7)
file - mUNIXes - file local buffer overflow (Mar 4)
PHP Ping - Other - PHP Ping Remote Command Execution (Mar 6)
ShopFactory - Other - ShopFactory shopping cart price manipulation (Dec 3)
DNS - Other - Log corruption via specially crafted reverse DNS data (Mar 4)
ftp - SCO - ftp client remote command injection with pipe symbols in filenames (Mar 4)
PY-Livredor - Other - PY-Livredor Cross Site Scripting & Script Injection Vulnerability (Mar 4)
Adobe - Other - Implementation flaws in Adobe Document Server for Reader Extensions (Mar 4)
Pastel accounting - NT - Pastel accounting potential user compromise (Mar 4)
Snort - Other - Buffer overflow in Snort RPC preprocessor (Mar 4)
sendmail - Other - sendmail remote buffer overflow with mail header parsing code bug (Mar 4)
Jetdirect - Other - HP Jetdirect SNMP password vulnerability when using Web JetAdmin (Mar 4)
CoffeeCup - Other - CoffeeCup users password and config remotely accessible (Mar 2)
PHP-Nuke - Other - PHP-Nuke allows remote copy of arbitrary files (Jan 21)
Internet Explorer - NT - IE Self-Executing HTML (Feb 26)
Typo3 - Linux - Typo3 remote file disclosure, command execution ... (Mar 1)
QuickTime - MacOS - QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities (Feb 25)
netscape - mUNIXes - netscape (Nov 10)
Axis Webcam - Other - Axis Webcam remote DoS via web server (Feb 28)
ISMAIL - NT - ISMAIL remote buffer overrun (Feb 28)
ml85p - Linux - ml85p local root exploit (Feb 28)
Ecartis - Linux - Ecartis Password Reseting Vulnerability (Feb 28)
Kernel - NT - MS-Windows ME IE/Outlook/HelpCenter remote script execution (Feb 28)
AMX-Mod - Other - Half-Life AMX-Mod remote (root) hole (Feb 27)
Netscape - Other - Netscape crashes by a simple stylesheet... (Feb 25)
lynx - Linux - lynx CRLF injection vulnerability (Feb 25)
terminal - mUNIXes - Hacking terminal emulators (Feb 25)
zlib - Other - zlib buffer overrun in gzprintf() (Feb 24)
Mambo - Other - Mambo SiteServer exploit gains administrative privileges (Feb 25)
Internet Explorer - NT - IE Shared codebase of (eg. in Outlook) allows silent delivery and exec of code (Feb 24)
Platinum FTP - NT - Platinum FTP directory traversal (Feb 24)
Glftpd - Linux - Glftpd remote root and other vulnerabilities (Feb 24)
Webmin - mUNIXes - Webmin/Usermin Session ID Spoofing Vulnerability (Sep 26)
moxftp - BSD - moxftp remote overlfow (Feb 24)
sircd - BSD - sircd remote overflow (Feb 24)
WWWBoard - Other - WWWBoard XSS (Feb 24)
Telindus - Other - Telindus password recovery due to weak encryption scheme (Feb 24)
Cpanel - Other - Cpanel remote command execution and local root vulnerabilities (Feb 19)
kernel - NT - Bypassing Personal Firewalls with code injection , sample in C (Feb 22)
Myguestbook - Other - Myguestbook (PHP) XSS and admin page access (Feb 22)
Cisco SIP - Other - Cisco SIP remote crash (Feb 22)
Perl2Exe - NT - Perl2Exe EXEs Can Be Decompiled (Feb 22)
Cisco - Other - Cisco OSPF remote buffer overflow POC exploit (Feb 20)
PHPNuke - Other - PHPNuke SQL Injection (Feb 21)
phpBB - Other - phpBB Security Bugs (Feb 21)
Credit Cards - Other - Credit Cards security at risk (Feb 21)
myphpnuke - Other - myphpnuke xss (Feb 20)
Norton - NT - Symantec Norton AntiVirus buffer overflow in scanning compressed files (Feb 20)
kernel - NT - Priviledge escalation (Feb 20)
Proxomitron - Other - Proxomitron Naoko Long Path Buffer Overflow/DoS (Feb 20)
libIM.a - AIX - libIM.a Buffer Overflow (Feb 13)
PHP - Other - PHP CGI priviledge escalation and remote file compromise (Feb 17)
Oracle - Other - Oracle bfilename function buffer overflow vulnerability (Feb 17)
kernel - NT - Riched20.DLL attribute label buffer overflow vulnerability (Feb 17)
Lotus iNotes - Other - Lotus iNotes Client ActiveX Control Buffer Overrun (Feb 17)
Lotus Domino - Other - Lotus Domino Web Server iNotes Overflow (Feb 17)
Lotus Domino - Other - Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (Feb 17)
Oracle9i - Other - Oracle9i Application Server Format String Vulnerability (Feb 17)
Oracle - Other - Oracle TO_TIMESTAMP_TZ & TZ_OFFSET Remote System Buffer Overrun (Feb 17)
Oracle - Other - Oracle unauthenticated remote system compromise (Feb 17)
Lotus Domino - Other - Lotus Domino DOT Bug Allows for Source Code Viewing (Feb 13)
kernel - SunOS - Signal hooking allows to view process memory on badly configured hosts (Feb 13)
CGI::Lite - Other - CGI::Lite::escape_dangerous_chars() permits remote compromise (Feb 12)
Java - Other - Many Java Virtual Machine implementations failures leads to remote compromise (Nov 23)
SQLBase - Other - SQLBase Buffer OverFlow (Feb 11)
NOD32 - Other - NOD32 Antivirus Software for Unix Buffer Overflow (Feb 11)
Opera - Other - Opera Java-Applet crash (Feb 11)
Netgear - Other - Netgear configuration accessible to unauthentified users (Feb 11)
Kaspersky - NT - Kaspersky Antivirus DoS (Feb 11)
kernel - NT - Windows cmd.exe long path buffer overflow/DoS (Feb 11)
Far - NT - Far buffer overflow (Feb 11)
kernel - NT - Preventing buffer exploits discussion (Feb 4)
PKzip - NT - Pkzip encryption random seed attack (Feb 8)
Wall - HpUX - Wall Buffer Overflow (Feb 7)
OpenLDAP - Linux - openldap setuid .ldaprc buffer overflow (Feb 6)
Unreal - Other - Unreal engine whitepaper analysis (Feb 6)
Opera - Other - Opera mutiple vulnerabilities (Feb 5)
qt-dcgui - Linux - qt-dcgui remote file compromise (Feb 5)
Majordomo - mUNIXes - Majordomo info leakage (mailing list exposure), all versions (Feb 5)
Network - Other - Block-Based Protocol Analysis (Feb 5)
sh-utils - Linux - Insecure default pam_xauth for sh-utils priviledge escalation (Feb 4)
MySQL - Other - MySQL DoS via double-free() bug (Feb 4)
Internet Explorer - NT - Internet Explorer local file reading (Feb 4)
PHP-Nuke - Other - PHP-Nuke Avatar Code injection vulnerability (Feb 3)
Blade encoder - NT - Blade encoder overflow in wave file parsing (Feb 3)
phpMyShop - Other - phpMyShop SQL Injection (Feb 3)
Kazaa - NT - Kazaa crash with downloading of ad banners (Feb 3)
CVS - Other - CVS remote compromise (Jan 23)
Apache Jakarta Tomcat - Other - Apache Jakarta Tomcat 3 URL parsing vulnerability (Jan 31)
3DM - Other - 3Ware 3DM denial of service attack (Jan 31)
kernel - NT - RPC Locator Buffer Overflow (Jan 31)
Kerberos - mUNIXes - Multiple vulnerabilities in MIT Kerberos 5 releases (Jan 30)
Apache Tomcat - Other - Tomcat information exposure and cross site scripting (Jan 30)
ProxyView - NT - ProxyView default undocumented password (Jan 28)
Java - Other - Java Secure Socket Extension Incorrect Certificate Validation (Jan 28)
at - SunOS - at -r job name handling and race condition (Jan 27)
Nuked-Klan - Other - Multiple Cross Site Scripting Vulnerabilities in Nuked-Klan (Jan 27)
slocate - Linux - slocate buffer overflow (Jan 25)
SpamAssassin - Linux - SpamAssassin's spamc program in BSMTP mode could be tricked for remote execution (Jan 25)
YabbSE - Other - YabbSE remote code execution (Jan 23)
List Site - Other - List Site user account Hijacking (Jan 25)
msgina.dll - NT - Windows 2000 Terminal Server DoS attack (Jan 24)
WinRAR - NT - WinRAR buffer overflow (Jan 23)
Apache - Other - Apache HTTP Server Path Parsing Errata (Jan 23)
Blackboard - NT - Blackboard Password Retrieval (Jan 23)
PeopleTools - Other - PeopleSoft PeopleTools XML External Entities vulnerability (Jan 23)
Internet Explorer - NT - IE HttpOnly circumvention via http TRACE (that requires already elaborate access) (Jan 23)
PHPLink - Other - PHPLinks multiple vulnerabilties (Jan 21)
EFS - NT - Attacking EFS through cached domain logon credentials (Jan 21)
kernel - NT - Windows SMB implementation local and remote overflow (Aug 23)
phpBB - Other - phpBB SQL Injection vulnerability (Jan 20)
phpPass - Other - phpPass sql injection (Jan 20)
CuteFTP - NT - CuteFTP buffer overflow (Jan 20)
Outreach - Linux - Outreach Project Tool issues (Jan 20)
mpg123 - Linux - mpg123 Local/remote exploit (Jan 14)