bugtraq 2002/01
By Subject
357 messages
Starting: Mon Dec 31 2001 - 10:46:09 PST
Ending: Wed Feb 06 2002 - 17:13:36 PST
- "Dec. 6: Oracle server vulnerable on Unix"
- '/usr/bin/at 31337 + vuln' problem + exploit
- (Repost) CwpApi : GetRelativePath() returns invalid paths (security advisory)
- [ Hackerslab bug_paper ] Xkas application vulnerability
- [ WWWThreads, UBBThreads ] Security Hole in upload system
- [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.
- [AP] awhttpd v2.2 local DoS
- [AP] awhttpd v2.2 local DoS)
- [AP] awhttpd v2.2 local DoS))
- [ARL02-A01] Vulnerability in Hosting Controller
- [CLA-2002:447] Conectiva Linux Security Announcement - glibc
- [CLA-2002:448] Conectiva Linux Security Announcement - libgtop
- [CLA-2002:449] Conectiva Linux Security Announcement - mutt
- [CLA-2002:450] Conectiva Linux Security Announcement - proftpd
- [CLA-2002:451] Conectiva Linux Security Announcement - sudo
- [CLA-2002:455] Conectiva Linux Security Announcement - MySQL
- [CLA-2002:458] Conectiva Linux Security Announcement - rsync
- [CLA-2002:459] Conectiva Linux Security Announcement - openldap
- [CLA-2002:460] Conectiva Linux Security Announcement - pine
- [ESA-20020114-001] 'sudo' can invoke the system MTA as root
- [ESA-20020114-002] 'pine' URL handling vulnerability
- [ESA-20020114-003] Several local LIDS vulnerabilities
- [ESA-20020125-004] rsync signed integer handling vulnerability
- [Immunix-announce] ImmunixOS 7.0 sudo update
- [NGSEC] Whitepaper Released: Polymorphic shellcodes vs. Application IDSs
- [PTL-2002-01] Vulnerabilities in Oracle9iAS Web Cache
- [resend] Avirt Gateway Telnet Vulnerability (and more?)
- [resend] Strumpf Noir Society on BadBlue
- [RHSA-2001:165-08] The uuxqt utility can be used to execute arbitrary commands as uucp.uucp
- [RHSA-2001:170-06] Updated Mailman packages available
- [RHSA-2001:176-05] Updated exim packages fix security problem
- [RHSA-2001:179-05] Updated namazu packages are available
- [RHSA-2002:002-10] Updated stunnel packages available.
- [RHSA-2002:003-10] New mutt packages available to fix security problem
- [RHSA-2002:004-06] New groff packages available to fix security problems
- [RHSA-2002:005-09] Updated xchat packages are available
- [RHSA-2002:007-16] Updated 2.4 kernel available
- [RHSA-2002:011-06] Updated sudo packages are available
- [RHSA-2002:013-03] Updated sudo package is available
- [RHSA-2002:014-07] Updated OpenLDAP packages available
- [RHSA-2002:015-13] Updated at package available
- [RHSA-2002:018-05] New rsync packages available
- [RHSA-2002:018-05] New rsync packages available)
- [RHSA-2002:018-10] New rsync packages available
- [SA-2002:00] Slashcode login vulunerability
- [SUPERPETZ ADVISORY #001 - agora.cgi Secret Path Disclosure Vulnerability]
- [VulnWatch] sastcpd Buffer Overflow and Format String Vulnerabilities
- address.com: email vulnerability
- Aftpd core dump vulnerability
- Agoracgi v3.3e Cross Site Scripting Vulnerability
- AIM addendum
- Allaire Forums Vulnerability
- Alteon ACEdirector signature/security bug
- Announce: NGSSniff
- Announcing a new DNS server implementation
- Anonymous Mail Forwarding Vulnerabilities in FormMail 1.9
- AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability
- ASP Application Security: CDONTS.NEWMAIL
- audiogalaxy...little problem....
- Authorize.Net Plain Text Login Transmission
- Automated remote CGI vulnerability discovery
- autoresponder program could be tricked by spamers to send unsolicited mail to victim's address
- autoresponder program could be tricked by spamers to send unsolicited mail to victim's address (fwd)
- Avirt Gateway Suite Remote SYSTEM Level Compromise
- Avirt Proxy Buffer Overflow Vulnerabilities
- AW: IE https certificate attack
- Betr.: Long path exploit on NTFS
- BindView NetInventory NetRC hostcfg_ni password passed in clear text
- BlackMoon FTPd Buffer Overflow Vulnerability
- BOOZT! Standard 's administration cgi vulnerable to buffer overflow
- BOOZT! Standard CGI Vuln : fixed in 0.9.9
- BOOZT! Standard CGI Vulnerability : Exploit Released
- Bounce vulnerability in SpoonFTP 1.1.0.1
- Breakable
- bru backup program
- BSCW: Vulnerabilities and Problems
- Bug in alcatel speed touch home adsl modem
- C2IT.com Cross Site Scripting Vulnerability
- CDE bug in Unixware 7.1
- cdrdao insecure filehandling
- cgiaudit release information
- Chinput Buffer Overflow Vulnerability
- Cisco Security Advisory: Cisco CatOS Telnet Buffer Vulnerability
- Cisco Security Advisory: Hardening of Solaris OS for MGC
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco SN 5420 Storage Router
- Citrix NFuse 1.6
- Compaq Tru64 patches for CERT VU#10277
- Cookie modification allows unauthenticated user login in Geeklog 1.3
- Cross Site Scripting in microsoft.com
- Cross-Site Scripting Vuln...
- Cross-Site Vulnerabilities (Still) Found in Major Web Sites
- CrossSiteScripting PostNuke.
- CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]
- CyberStop-Server-DoS-remote-attacks
- D-Link DWL-1000AP can be compromised because of SNMP configuration
- Denial of Service flaw in Apache
- Details on the updated namazu packages that are available
- dnrd 2.10 dos
- DoS bug on Tru64
- dtterm exploit in Unixware 7.1.1
- efax
- Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability
- Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability (Solution)
- Fairly serious vulnerability in vBulletin 2.2.0
- Faqmanager.cgi file read vulnerability
- File Transversal Vulnerability in Dino's WebServer
- For European and Asian Knowledge Seekers
- Full path disclosure vulnerabilty in Sun's Web site
- FWD: IRIX nsd Vulnerability
- FWD: Sun Microsystems, Inc. Security Bulletin
- gnuchess buffer overflow vulnerabilty
- gzip bug w/ patch..
- Handspring Visor D.O.S
- Heap overflow in snmpnetstat
- HP Secure OS Software for Linux security bulletins digest
- HP-UX security bulletins digest
- ICQ remote buffer overflow vulnerability
- Identifying PGP Corporate Desktop 7.1 with PGPfire Personal Desktop Firewall Installed (no need to be enabled) on Microsoft Windows Based OSs
- IE Clipboard Stealing Vulnerability
- IE FORM DOS
- IE GetObject() problems
- IE https certificate attack
- Inproper input validation in Bugzilla <=2.14 - exploit
- Intel WLAN Driver storing 128bit WEP-Key in plain text!
- Internet Explorer Javascript Modeless Popup Local Denial of Service Vulnerability
- Internet Explorer Pop-Up OBJECT Tag Bug
- ISSTW Security Advisory Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability
- Kerberos 5 ftp client Core Dump
- KPMG-2002003: Bea Weblogic DOS-device Denial of Service
- Legato Vulnerable
- LIDS Security Advisory 1
- Linksys 'routers', SNMP issues
- Long path exploit on NTFS
- Macinosh IE file execuion vulerability
- Maelstrom 1.4.3 abartity file overwrite
- Maelstrom file overwrite
- Mail.com Cross Site Scripting Vulnerability
- MDKSA-2001:095-1 - glibc update
- MDKSA-2002:001 - bind update
- MDKSA-2002:002 - mutt update
- MDKSA-2002:003 - sudo update
- MDKSA-2002:004 - stunnel update
- MDKSA-2002:007 - at update
- MDKSA-2002:008 - jmcce update
- MDKSA-2002:009 - rsync update
- MDKSA-2002:010 - enscript update
- MDKSA-2002:011 - gzip update
- Microsoft Security Bulletin MS02-001
- MiraMail 1.04 can give POP account access and details
- More information on alcatel speed touch home modem
- More reading of local files in MSIE
- Mozilla Cookie Exploit
- msdtc on 3372
- MSIE 6.0 will rollback during XP Pro Install -- Ref: MSIE may download and run programs automatically - details
- MSIE may download and run programs automatically - details
- myvoicestream.com vulnerability
- NetBSD Security Advisory 2002-001 Close-on-exec, SUID and ptrace(2)
- New SQL Injection Whitepaper
- NMRC Advisory: OpenFile Win32 API Log Overwriting/Rewriting
- Novell Netware Login "bypass" to execute programs
- Palm Desktop 4.0b76-77 for Mac OS X
- Paper: Unicode overflow technique
- PHP 4.x session spoofing
- PHP-Nuke allows Command Execution & Much more
- Pi3Web Webserver v2.0 Buffer Overflow Vulnerability
- Pine 4.33 (at least) URL handler allows embedded commands.
- Plumtree Corporate Portal Cross-Site Scripting (Patch Available)
- Possible privilege escalation with NDS for NT
- Potential RealPlayer 8 Vulnerability
- psyBNC 2.3 Beta - encrypted text "spoofable" in others' irc terminal
- psyBNC2.3 Beta - encrypted text spoofable in others irc terminal
- Razor warning (SPAM/UBE/UCE)
- Razor Warning: SPAM/UBE/UCE
- RealPlayer Buffer Overflow [Sentinel Chicken Networks Security Advisory #01]
- remote buffer overflow in sniffit
- remote memory reading through tcp/icmp
- remote memory reading through tcp/icmp (linux)
- Sambar Webserver Sample Script v5.1 DoS Vulnerability Exploit
- Sambar Webserver v5.1 DoS Vulnerability
- Sapgui 4.6D for Windows
- sastcpd 8.0 'authprog' local root vulnerability
- sastcpd Buffer Overflow and Format String Vulnerabilities
- Savant Webserver Buffer Overflow Vulnerability
- Script for find domino's users
- Security Advisory for Bugzilla v2.15 (cvs20020103) and older
- Security flaws in tinc
- Security Update: [CSSA-2001-039.0] Linux - IMP/HORDE cross site scripting vulnerability
- Security Update: [CSSA-2001-SCO.35.2] REVISED: OpenServer: setcontext and sysi86 vulnerabilities
- Security Update: [CSSA-2002-SCO.1] OpenServer: wu-ftpd ftpglob() vulnerability
- Security Update: [CSSA-2002-SCO.2] Open UNIX, UnixWare 7: sort creates temporary files insecurely
- security vulnerability in chuid
- Security weaknesses of VTun
- SECURITY.NNOV: stream3 Windows NT/2000 DoS (Q280446)
- Semi-serious vulnerability in vBulletin 2.2.0
- Serious privacy leak in Python for Windows
- Shockwave Flash player issue
- Shoutcast server 1.8.3 win32
- sltrib.com, using nacorp.com's web forms are submitted insecurely, and are clearly promoted as being secure
- Snort core dumped
- squirrelmail bug
- Stunnel: Format String Bug update
- Sudo version 1.6.4 now available (fwd)
- SuSE Security Announcement: at (SuSE-SA:2002:003)
- SuSE Security Announcement: mutt (SuSE-SA:2002:001)
- SuSE Security Announcement: rsync (SuSE-SA:2002:004)
- SuSE Security Announcement: sudo (SuSE-SA:2002:002)
- svindel.net security advisory - web admin vulnerability in CacheOS
- tac_plus version F4.0.4.alpha on at least Solaris 8 sparc
- The "Lunch Break Hole"
- Timbuktu 6.0.1 and Older DoS Advisory
- TSLSA-2002-0003 - mutt
- TSLSA-2002-0025 - rsync
- Unixware 7.1.1 rpc.cmsd remote exploit code.
- Unixware 7.1.1 scoadminreg.cgi local exploit
- Update on the SuperCookie issue
- UPNP Denial of Service
- user-mode-linux problems
- USPS Online Bill Pay - Cleartext Password Leakage
- USPS Online Bill Pay - Cleartext Password Leakage (resolved)
- uucp --config patch -- not sufficient
- VERISIGN "PAYFLOW LINK" PAYMENT SERVICE SECURITY FAILURE (#5947-000093-7546\939465)
- VERISIGN "PAYFLOW LINK" PAYMENT SERVICE SECURITY FAILURE
- Vulnerabilities in EServ 2.97
- Vulnerabilities in squirrelmail
- Vulnerability in encrypted loop device for linux
- Vulnerability in hellbent
- Vulnerability in new user creation in Geeklog 1.3
- Vulnerability in user posting in Nick.com forums
- Vulnerability Netgear RP-114 Router - nmap causes DOS
- Vulnerabilty in PaintBBS v1.2
- w00w00 on AIM Filter (Backdoors & SpyWare)
- w00w00 on AOL Instant Messenger (serious vulnerability)
- Web Server 4D/eCommerce 3.5.3 Directory Traversal Vulnerability
- Web Server 4D/eCommerce 3.5.3 DoS Vulnerability
- xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2)
- Xoops Private Message System Script injection
- Xoops SQL fragment disclosure and SQL injection vulnerability
- Xoops topics : One more time
- xterm exploit in Unixware 7.0.1
- ZBServer Pro DoS Vulnerability
Last message date: Wed Feb 06 2002 - 17:13:36 PST
Archived on: Wed Feb 06 2002 - 17:13:40 PST
This archive was generated by hypermail 2b30: Wed Feb 06 2002 - 17:13:40 PST