bugtraq 2002/03
By Subject
370 messages sorted by:
[ author ]
[ date ]
[ thread ]
Other mail archives
Starting: Fri Mar 01 2002 - 00:15:47 PST
Ending: Thu Mar 27 2003 - 09:10:55 PST
- *****SPAM***** Another Sql Server 7 Buffer Overflow
- ... Tiny Personal Firewall ...
- 1024-bit RSA keys in danger of compromise
- 2nd Buffer Overflow in Talentsoft's Web+ (#NISR13032002)
- [Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability
- [ARL02-A05] PHP FirstPost System Information Path Disclosure Vulnerability
- [ARL02-A06] Black Tie Project System Information Path Disclosure Vulnerability
- [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability
- [ARL02-A08] BG Guestbook Cross Site Scripting Vulnerability
- [ARL02-A09] Board-TNK Cross Site Scripting Vulnerability
- [ARL02-A10] News-TNK Cross Site Scripting Vulnerability
- [ARL02-A11] Big Sam (Built-In Guestbook Stand-Alone Module) Multiple Vulnerabilities
- [Bug 131761] Buffer Overflow in Geck/Netscape 5.0/6.0?
- [CLA-2002:465] Conectiva Linux Security Announcement - apache
- [CLA-2002:466] Conectiva Linux Security Announcement - radiusd-cistron
- [CLA-2002:467] Conectiva Linux Security Announcement - openssh
- [CLA-2002:468] Conectiva Linux Security Announcement - php
- [CLA-2002:469] Conectiva Linux Security Announcement - zlib
- [CLA-2002:470] Conectiva Linux Security Announcement - imlib
- [CSS] Cross Site Scripting in the translation and infoplease services of lycos.com possible
- [ESA-20020301-005] 'apache' (mod_ssl) session caching buffer overflow
- [ESA-20020301-006] 'php, mod_php' MIME parsing vulnerabilities
- [ESA-20020307-007] Local vulnerability in OpenSSH's channel code.
- [ESA-20020311-008] Double free() in zlib may lead to buffer overflow.
- [H20020304]: Remotely exploitable format string vulnerability in ntop
- [IMG] tag vulnerability in vBulletin
- [img]-vulnerability in vBulletin Version 2.2.2 & 2.2.1 & maybe olders
- [mattat_private: [Zope-Annce] Zope Hotfix 2002-03-01 (Ownership Roles Enforcement)]
- [Mozilla Bug #131761] Buffer Overflow in Geck/Netscape 5.0/6.0?
- [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)
- [OpenPKG-SA-2002.003] OpenPKG Security Advisory (zlib)
- [PINE-CERT-20020301] OpenSSH off-by-one
- [RHEA-2002:024-23] Updated rpm packages available
- [RHSA-2002:026-35] Vulnerability in zlib library
- [RHSA-2002:026-43] Vulnerability in zlib library
- [RHSA-2002:027-22] Vulnerability in zlib library (powertools)
- [RHSA-2002:030-08] Updated radiusd-cistron packages are available
- [RHSA-2002:032-12] Updated cups packages are available
- [RHSA-2002:035-18] Updated PHP packages are available [updated 2002-Mar-11]
- [RHSA-2002:041-08] Updated mod_ssl packages available
- [RHSA-2002:042-12] Updated secureweb packages available
- [RHSA-2002:043-10] Updated openssh packages available
- [RHSA-2002:048-06] New imlib packages available
- [VulnWatch] Bypassing libsafe format string protection
- [VulnWatch] exploiting the zlib bug in openssh
- [VulnWatch] IMail Account hijack through the Web Interface
- [VulnWatch] NMRC Advisory - KeyManager Issue in ISS RealSecur e on Nokia Appliances
- [Whitehat] about zlib vulnerability
- A possible buffer overflow in libnewt
- about zlib vulnerability
- about zlib vulnerability - Microsoft products
- Account Lockout Vulnerability in Oblix NetPoint v5.2
- ADVISORY: Windows Shell Overflow
- AeroMail multiple vulnerabilities
- Alteon ACEdirector signature/security bug
- Announcing Immunix SnackGuard
- Anonymizer, MSIE, images ...
- AOL Instant Messenger Servers Patched and...Un-Patched?
- Apache 1.3.24 Released! (fwd)
- Apache+php Proof of Concept Exploit
- Apache-SSL 1.3.22+1.47 - update to security fix
- Apache-SSL buffer overflow (fix available)
- Authentication with RSA SecurID and Outlook web access
- Automatically opening + Executing attachments
- Automatically opening IE + Executing attachments
- BSD: IPv4 forwarding doesn't consult inbound SPD in KAME-derived IPsec
- Buffer Overflow in Geck/Netscape 5.0/6.0?
- Buffer Overrun in Talentsoft's Web+ (#NISR01032002A)
- Bug in QPopper (All Versions?)
- Bypassing libsafe format string protection
- CaupoShop: cross-site-scripting bug
- Cert Advisory 2002-03 and HP JetDirect)
- CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable)
- Cgisecurity.com Paper #5: Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures: Part Two
- Checkpoint FW1 SecuRemote/SecureClient "re-authentication" (client side hacks of users.C)
- Cisco Security Advisory: LDAP Connection Leak in CTI when User Authentication Fails
- Citadel/UX Server Remote DoS attack Vulnerability
- Citrix contacts
- Citrix Nfuse directory traversal with boilerplate.asp
- Citrix vulnerability disclosure/bug reports contact
- Colbalt-RAQ-v4-Bugs&Vulnerabilities
- Command execution in phprojekt.
- Considerations for IIS Authentication (#NISR05032002C)
- Cross-site scripting.
- CSS in ikonboard 3.0.1,3.0.2,3.0.3
- d_path() truncating excessive long path name vulnerability
- dcshop.cgi anybody can delete *.setup for database
- DebPloit (exploit)
- Default SNMP configuration issue with Foundry Networks EdgeIron 4802F
- Denial of Service in Sphereserver
- Directory traversal vulnerability in phpimglist
- DoS in debian (potato) proftpd
- DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1
- Ecartis/Listar multiple vulnerabilities
- Edvice Security Services <supportat_private, 000701c1c5fb$c168f970$5a01010a@mic2000
- efingerd remote buffer overflow and a dangerous feature
- Endymion SakeMail and MailMan File Disclosure Vulnerability
- Etnus TotalView 5.
- Excite Email Disclosure Vulnerability
- exploiting the zlib bug in openssh
- Foundry Networks ServerIron don't decode URIs
- FreeBSD Ports Security Advisory FreeBSD-SA-02:14.pam-pgsql
- FreeBSD Ports Security Advisory FreeBSD-SA-02:15.cyrus-sasl
- FreeBSD Ports Security Advisory FreeBSD-SA-02:16.netscape
- FreeBSD Ports Security Advisory FreeBSD-SA-02:17.mod_frontpage
- FreeBSD Ports Security Advisory FreeBSD-SA-02:18.zlib
- FreeBSD Ports Security Advisory FreeBSD-SA-02:19.squid
- Fun With MSN Chat Part I (Cross Scripting)
- Fwd: DebPloit (exploit)
- GNU fileutils - recursive directory removal race condition
- Gravity Storm Service Pack Manager 2000 Share Vulnerability
- Hosting Directory Traversal madness...
- Hotline Client Plain password vuln.
- How Outlook 2002 can still execute JavaScript in an HTML email message
- iBuySpy store hole
- Identifying Kernel 2.4.x based Linux machines using UDP
- IE execution of arbitrary commands without Active Scripting
- IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)
- IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE) + Workaround.
- IE: Remote webpage can script in local zone
- IIS Internal IP Address Disclosure (#NISR05032002B)
- IIS SMTP component allows mail relaying via Null Session
- IMail Account hijack through the Web Interface
- Instant Web Mail additional POP3 commands and mail headers
- IRIX FTP Bounce vulnerability
- Java HTTP proxy vulnerability
- Javascript loop causes IE to crash
- JS embedding @ www.reed.co.uk
- JS embedding @ yahoo.com
- KPMG-2002005: BitVise WinSSH Denial of Service
- KPMG-2002006: Lotus Domino Physical Path Revealed
- LilHTTP Web Server Protected File Access Vulnerability (Solution)
- Linksys BEFVP41 VPN Server does not follow proper VPN standards
- linux <=2.4.18 x86 traps.c problem
- Local privalege escalation issues with Webmin 0.92
- Local Security Vulnerability in Windows NT and Windows 2000
- Many, many, many Sql Server 7 & 2000 Buffer Overflows
- Marcus S. Xenakis "directory.php" allows arbitrary code execution
- MDKSA-2002:019 - openssh update
- MDKSA-2002:020 - mod_ssl update
- MDKSA-2002:021 - mod_frontpage update
- MDKSA-2002:022 - zlib update
- MDKSA-2002:023 - packages containing zlib update
- MDKSA-2002:023-1 - packages containing zlib update
- MDKSA-2002:024 - rsync update
- MDKSA-2002:025 - fix for insecure default kdm configuration
- memberlist.php of vBulletin
- mIRC DCC Server Security Flaw
- Mistype a URL? M$N knows what you typed.
- mod_ssl Buffer Overflow Condition (Update Available)
- More Office XP problems
- More SWF vulnerabilities?
- move_uploaded_file breaks safe_mode restrictions in PHP
- MSIE vulnerability exploitable with Eudora (was: IncrediMail)
- MSIE vulnerability exploitable with IncrediMail
- mtr 0.45, 0.46
- mutants! - spp_fnord.c (It can see the FNORDs! :-)
- NAI Gauntlet Firewall 5.5 for NT (Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability (bugtraq id 4131)
- NetBSD Security Advisory 2002-002: gzip buffer overrun with long filename
- NetBSD Security Advisory 2002-004: Off-by-one error in openssh session
- New Bill attempts to regulate hardware, software development
- NFuse Cross Site Scripting vulnerability
- NMRC Advisory - KeyManager Issue in ISS RealSecure
- NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia A ppliances
- NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia Appliances
- NMRC Advisory: RealSecure KeyManager Issue - Further Explanation
- NT user (who is locked changing his/her password by administrator ) can bypass the security policy and Change the password.
- On the ultimate futility of server-based mail scanning
- Open Security Testing Meth 2.0 released
- OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix
- OpenSSH channel code vulnerability
- OpenSSH rebuild warning: problems avoiding zlib problems in Solaris
- OpenSSH Security Advisory (adv.channelalloc)
- Oracle9i TSN DoS Attack
- Outlook Express Attach Execution Exploit (img tag + innerHTML + TIF dos name)
- packet filter fingerprinting(open but closed, closed but filtered)
- PCFriendly DVD Backchannel
- Phorum Discussion Board Security Bug (Email Disclosure)
- PHP Net Toolpack: input validation error
- PHP script: Penguin Traceroute, Remote Command Execution
- PHP-Nuke & Post-Nuke account hijacking.
- Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln
- popper_mod 1.2.1 and previous accounts compromise
- PostNuke Bugged
- postnuke v 0.7.0.3 remote command execution
- Potential vulnerabilities of the Microsoft RVP-based Instant Messaging
- privacy issues in metor.com (a search engine)
- PureTLS Security Announcement: Upgrade to 0.9b2
- Questionable security policies in Outlook 2002
- RCA cable modem Deny of Service
- RealPlayer bug
- ReBB javascripts vulnerability
- Remote Cobalt Raq XTR vulns
- Retrieving information on local files in IE (GM#003-IE)
- secureinc.com Vulnerability
- Security contact for Network Associates?
- security problem fixed in zlib 1.1.4
- Security Update: [CSSA-2002-004.1] REVISED: Linux: Various security problems in ucd-snmp
- Security Update: [CSSA-2002-005.0] Linux - LD_LIBRARY_PATH problem in KDE sessions
- Security Update: [CSSA-2002-007.0] Linux: Updated Caldera Public Keys
- Security Update: [CSSA-2002-008.0] Linux: CUPS buffer overflow when reading names of attributes
- Security Update: [CSSA-2002-009.0] Linux: X server allows access to any shared memory on the system
- Security Update: [CSSA-2002-010.0] Linux: ftp vulnerability in squid
- Security Update: [CSSA-2002-011.0] Linux: mod_ssl Buffer Overflow Condition
- Security Update: [CSSA-2002-012.0] Linux: OpenSSH channel code vulnerability
- Security Update: [CSSA-2002-013.0] Linux: Name Service Cache Daemon (nscd) advisory
- Security Update: [CSSA-2002-SCO.10] OpenServer: OpenSSH channel code vulnerability
- Security Update: [CSSA-2002-SCO.12] Open UNIX, UnixWare 7: rpc.cmsd can be remotely exploited
- Security Update: [CSSA-2002-SCO.7] OpenServer: multiple vulnerabilities in squid
- Security Update: [CSSA-2002-SCO.8] OpenServer: dlvr_audit: exploitable buffer overflow
- Security Update: [CSSA-2002-SCO.9] OpenServer: IPFilter may incorrectly pass packets
- SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations
- SMStools vulnerabilities in release before 1.4.8
- SouthWest Telnet talker server. DoS (Denial of Service Attack).
- squirrelmail 1.2.5 email user can execute command
- SunSolve CD cgi scripts...
- SuSE Security Announcement: libz/zlib (SuSE-SA:2002:010) (tandem-announcement, first part)
- SuSE Security Announcement: openssh (SuSE-SA:2002:009)
- SuSE Security Announcement: packages containing libz/zlib (SuSE-SA:2002:011) (tandem-announcement, second part)
- SuSE Security Announcement: squid (SuSE-SA:2002:008)
- Suspect 'advisory' from someone claiming to be from Microsoft (was Fwd: Internet Security Update)
- Symantec LiveUpdate
- TCP Connections to a Broadcast Address on BSD-Based Systems
- Team Asylum: Online renewal sites susceptible to spammer "harvesting"
- the dangers of disclosing vulnerabilities when the guilty party is ignorant of industry standards
- Tiny Personal Firewall
- Tomcat Security Exposure
- TSLSA-2002-0039 - openssh
- TSLSA-2002-0040 - zlib
- Two new white papers
- UniNet InfoSec Conference
- updated squid advisory
- UPDATED: Cisco Security Advisory: LDAP Connection Leak in CTI when User Authentication Fails
- Various Vulnerabilities in Norton Anti-Virus 2002
- VirusWall HTTP proxy content scanning circumvention
- vuln in wwwisis: remote command execution and get files
- Vulnerability Details for MS02-012
- Vulnerability in my guest book
- WebSight Directory System: cross-site-scripting bug
- Webtraversal in PCI Netsupport Manager (all version up to 7 using web extensions)
- Windows 2000 password policy bypass possibility
- Xchat /dns command execution vulnerability
- Xerver Free Web Server 2.10 file Disclosure & DoS PATCH (update version)
- Xerver-2.10-File-Disclousure&DoS-attack
- Xpede passwords exposed (2 vuln.)
- xtux server DoS.
- zlib & java
- ZLib double free bug: Windows NT potentially unaffected
- zlibscan : script to find suid binaries possibly affected by zlib vulnerability
- ZyXEL ZyWALL10 DoS
Last message date: Thu Mar 27 2003 - 09:10:55 PST
Archived on: Thu Mar 27 2003 - 09:10:58 PST
370 messages sorted by:
[ author ]
[ date ]
[ thread ]
Other mail archives
This archive was generated by hypermail 2b30
: Thu Mar 27 2003 - 09:10:58 PST