bugtraq 2002/04
By Subject
385 messages sorted by:
[ author ]
[ date ]
[ thread ]
Other mail archives
Starting: Mon Apr 01 2002 - 13:08:22 PST
Ending: Thu Apr 10 2003 - 15:48:51 PDT
- (Fwd) Keyservers Cross Site Scripting (When CSS Gets Dangerous)
- (SRADV00006) Remote command execution vulnerabilities in phpGroupWare
- 3CDaemon DoS exploit
- @stake advisory: .htr heap overflow in IIS 4.0 and 5.0
- [[ TH 026 Inc. ]] SA #1 - Multiple vulnerabilities in PVote 1.5
- [[ TH 026 Inc. ]] SA #2 - IcrediBB 1.1, Cross Site Scripting vulnerability.
- [CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability
- [CLA-2002:471] Conectiva Linux Security Announcement - cups
- [CLA-2002:474] Conectiva Linux Security Announcement - ethereal
- [CLA-2002:475] Conectiva Linux Security Announcement - sudo
- [CLA-2002:476] Conectiva Linux Security Announcement - webalizer
- [ESA-20020423-009] webalizer contains a potentially exploitable buffer overflow
- [ESA-20020429-010] 'sudo' heap corruption vulnerability
- [Global InterSec 2002041701] Sudo Password Prompt Vulnerability.
- [RHSA-2001:089-08] Updated tcpdump packages available for Red Hat Linux 6.2 and 7.x
- [RHSA-2002:053-12] Race conditions in logwatch
- [RHSA-2002:054-09] Race conditions in logwatch
- [RHSA-2002:063-05] Updated icecast packages are available
- [RHSA-2002:071-07] Updated sudo packages are available
- [RHSA-2002:072-07] Updated sudo packages are available
- [slackware-security] sudo upgrade fixes a potential vulnerability
- [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting
- [SNS Advisory No.50] Compaq Tru64 UNIX dtprintinfo "-session" Buffer Overflow Vulnerability
- [SNS Advisory No.51] Compaq Tru64 UNIX libc Buffer Overflow Vulnerability
- [VulnWatch] vuln in wwwisis: remote command execution and get files
- A buffer overflow study - generic protections
- A bug in the Kerberos4 ftp client may cause heap overflow which leads to remote code execution
- A crash course with Linux Kernel 2.4.x, IP ID values & RFC 791
- Ability to read buddy list of AIM users
- About: Using the backbutton in IE is dangerous
- Abyss Webserver 1.0 Administration password file retrieval exploit
- Admin access in GuestBook r4
- AIM Remote File Transfer/Direct Connection Vulnerability
- AIM's 'Direct Connection' feature could lead to arbitrary file creation
- Amazon.com Password limit
- Ammendum: A crash course with Linux Kernel 2.4.x, IP ID values & RFC 791
- An alternative method to check LKM backdoor/rootkit
- ANNOUNCE: RATS 1.4
- Another Faq-O-Matic XSS Vuln?
- ansi outer join syntax in Oracle allows access to any data
- Anthill login and JavaScript vulnerabilities
- apache + .htpasswd - bypass pwd check
- arp problem
- AW: ITCP Advisory 13: Bypassing of ATGuard Firewall possible
- Back Office Web Administrator Authentication Bypass (#NISR17042002A)
- Blahz-DNS: Authentication bypass vulnerability
- buffer overflow, using greek characters, AGAIN!
- Buffer Overrun in Talentsoft's Web+ (3) (#NISR17042002B)
- Bug in QPopper (All Versions?)
- Bypassing javascript filters - problem N3.
- CA security contact
- CGIscript.net - csMailto.cgi - Remote Command Execution
- Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
- Cisco Security Advisory: Aironet Telnet Vulnerability
- Cisco Security Advisory: Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
- Cisco Security Advisory: Solaris /bin/log vulnerability
- Cisco Security Advisory: Vulnerability in zlib library
- Cisco Security Advisory: Web interface vulnerabilities in ACS for Windows
- Controlling the clipboard with OWC in IE (GM#007-IE)
- CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies
- Cross site scripting in almost every mayor website
- Cross Site Scripting. Many Sites Vulnerable.
- De-anonymizer
- Demarc PureSecure 1.05 may be other (user can bypass login)
- Demarc Security Update Advisory
- Denial of Service in Mosix 1.5.x
- Disclosing information in Super GuestBook
- dnstools: authentication bypass vulnerability
- DOS for Icq 2001&2002
- DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1
- DoS in Multiple IE Versions (Self-Referenced Directives)
- Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances
- Early Reg to Close Soon! (fwd)
- emumail.cgi
- emumail.cgi, one more local vulnerability (not verified)
- eSecurityOnline Security Advisories notes
- eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities
- eSecurityOnline Security Advisory 2406 - CDE dtprintinfo Help sea rch buffer overflow vulnerability
- eSecurityOnline Security Advisory 2408 - CIDER SHADOW CGI
- eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy dis play name buffer overflow vulnerability
- eSecurityOnline Security Advisory 4123 - Sun Solaris admintool me dia installation path buffer overflow vulnerability
- eSecurityOnline Security Advisory 4197 - Sun Solaris cachefsd den ial of service vulnerability
- eSecurityOnline Security Advisory 4198 - Sun Solaris cachefsd mou nt file buffer overflow vulnerability
- Exploit for Tarantella Enterprise 3 installation (BID 3966)
- Firewall-1 Identification : port 257 (ie archive : 18701)
- Follows: Norton Personal Firewall 2002 vulnerable to SYN/FIN scan
- Fragroute and ISS (NetworkICE) products: a brief analysis
- fragroute vs. snort: the tempest in a teacup
- Fragroute-NetworkICE follow-up
- FreeBSD Security Advisory FreeBSD-SA-02:18.zlib [REVISED]
- FreeBSD Security Advisory FreeBSD-SA-02:20.syncache
- FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip
- FreeBSD Security Advisory FreeBSD-SA-02:23.stdio
- FreeBSD Security Advisory FreeBSD-SA-02:23.stdio)
- Full analysis of multiple remotely exploitable bugs in Icecast 1.3.11
- HiverCon 2002
- Howto exploit a remote format bug automatically
- Huge Privacy Threats in Webmails and How Big Companies Handle them
- IBM Informix Web DataBlade: Auto-decoding HTML entities
- IBM Informix Web DataBlade: Local root by design
- IBM Informix Web DataBlade: SQL injection
- IBM Security Advisory: IBM Tivoli Policy Director WebSEAL
- icecast 1.3.11 remote shell/root exploit - #temp
- Icecast temp patch (OR: Patches? We DO need stinkin' patches!!@$!)
- IE allows universal Cross Site Scripting (TL#002)
- IE DoS and possibly exploitable stack overflow
- IE Word ActiveX DoS Loop
- IE/OE6.0 cannot handle malformed XBM files
- IIS allows universal CrossSiteScripting
- Ikonboard 2.1.9 (possible other versions) Vulnerability when HTML is ON
- IMP 2.2.8 (SECURITY) released
- IndiaTimes.com - Email - Session hijacking and Inbox Blocking
- Inn (Inter Net News) security problems
- Intel D845HV/WN/PT series motherboard vulnerability
- IRIX XFS filesystem denial of service attack
- ISS Advisory: Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon
- ISS Advisory: Remote Denial of Service Vulnerability in RealSecure Network Sensor
- ITCP Advisory 13: Bypassing of ATGuard Firewall possible
- iXsecurity.20020313.nw6remotemanager.a
- iXsecurity.20020314.csadmin_fmt.a
- iXsecurity.20020316.csadmin_dir.a
- iXsecurity.20020327.tivoli_tsm_dsmcad.a
- iXsecurity.20020328.tivoli_tsm_dsmsvc.a
- KPMG-2002006: Lotus Domino Physical Path Revealed
- KPMG-2002008: Watchguard SOHO IP Restrictions Flaw
- KPMG-2002009: Microsoft IIS W3SVC Denial of Service
- KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
- KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
- KPMG-2002012: (Re-submitted) Sambar Webserver Serverside Fileparse Bypass
- KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass
- KPMG-2002013: Coldfusion Path Disclosure
- KPMG-2002014: Foundstone Fscan Format String Bug
- KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS
- KPMG-2002016: Bea Weblogic incorrect URL parsing issues
- LabVIEW Web Server DoS Vulnerability
- Levcgi.coms MyGuestbook JavaScript Injection Vulnerability
- Lil' HTTP Server Directory Traversal Vulnerability
- local root compromise in openbsd 3.0 and below
- LogWatch 2.5 still vulnerable
- Mailman/Pipermail private mailing list/local user vulnerability
- Matu FTP remote buffer overflow vulnerability
- MDKSA-2002:024-1 - rsync update
- MDKSA-2002:026 - libsafe update
- MDKSA-2002:027 - squid update
- MDKSA-2002:028 - sudo update
- MDKSA-2002:029 - imlib update
- Melange Chat POC DOS
- MHonArc v2.5.2 Script Filtering Bypass Vulnerability
- Microsoft FTP Service STAT Globbing DoS
- Microsoft IIS 5.0 CodeBrws.asp Source Disclosure
- Microsoft Security Bulletin - MS02-020
- Microsoft Security Bulletin MS02-019: Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute (Q321309)
- Microsoft Security Bulletin MS02-020
- Microsoft Security Bulletin MS02-020:SQL Extended Procedure Functions Contain Unchecked Buffers (Q319507)
- More Cross site Scripting in PHPNuke
- More Office XP problems
- More Office XP problems (Version 2.0)
- More Office XP problems (version 3.0)
- Mp3 file can execute code in Winamp [Sandblad advisory #5]
- MS 3/28/02 Security Patch for IE6 - warning!
- MS02-018
- multiple CGIscript.net scripts - Remote Code Execution
- Multiple local files detection issues with OWC in IE (GM#008-IE)
- Multiple Vendor "talkd" user validation fault
- Multiple Vendor "talkd" user validation fault.
- Multiple Vulnerabilities in PostBoard
- Multiple Vulnerabilties in Sambar Server
- Multiple Vulnerabilties Sambar Webserver
- NetWare Remote Manager patches
- Nortel CVX 1800s will dump all local user names and passwords via SNMP
- Norton Personal Firewall 2002 vulnerable to SYN/FIN scan
- NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
- NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
- OpenBSD 3.0: Bug in rshd(8) and rexecd(8) (fwd)
- OpenBSD Local Root Compromise
- OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
- packet filter fingerprinting(open but closed, closed but filtered)
- Philip Chinery's Guestbook 1.1 fails to filter out js/html
- PHP problem
- PHP-Survey Database Access Vulnerability
- PHProjekt multiple vulnerabilities
- Pine Internet Advisory: Setuid application execution may give local root in FreeBSD
- Possible vulnerabilities of ICQ files opened in IE or OE
- psyBNC 2.3 DoS / Bug
- PsyBNC Remote Dos POC
- QPopper 4.0.4 buffer overflow
- Quik-Serv Web Server v1.1B Arbitrary File Disclosure
- R: MS02-018
- Raptor Firewall FTP Bounce vulnerability
- Reading local files in Netscape 6 and Mozilla (GM#001-NS)
- Reading local files with OWC in IE (GM#006-IE)
- Reading portions of local files in IE, depending on structure (GM#004-IE)
- Redux: NIDS, fragrouter, and off-topic sanity [WAS: Snort exploit]
- regarding SSL issues
- Remote buffer overflow in Webalizer
- Remote Timing Techniques over TCP/IP
- Response to KF about Listar/Ecartis Vulnerability
- Restricted Shells
- Revised OpenSSH Security Advisory (adv.token)
- RFC: suggestions for SSL security enhancements in Microsoft Internet Explorer
- SASL (v1/v2) MYSQL/LDAP authentication patch.
- Scripting for the scriptless with OWC in IE (GM#005-IE)
- Security Update: [CSSA-2002-014.0] Linux: rsync supplementary groups vulnerability
- Security Update: [CSSA-2002-015.0] Linux: Double free in zlib (libz) vulnerability
- Security Update: [CSSA-2002-016.0] Linux: horde/imp cross scripting vulnerabilities
- Security Update: [CSSA-2002-017.0] Linux: squid compressed DNS answer message boundary failure
- Security Update: [CSSA-2002-018.0] Linux: Race condition in fileutils
- Security Update: [CSSA-2002-019.0] Linux: imlib processes untrusted images
- Security Update: [CSSA-2002-SCO.14] Open UNIX 8.0.0 UnixWare 7.1.1 : X server allows access to any shared memory on the system
- Security Update: [CSSA-2002-SCO.15] Open UNIX 8.0.0 UnixWare 7.1.1 : Buffer overflow in libX11 with -xrm
- Security Update: [CSSA-2002-SCO.16] UnixWare 7.1.1 : Multiple Vulnerabilities in BIND
- SECURITY.NNO: FTGate PRO/Office hotfixes
- segfault in ntop
- Several x-dev.de Guestbook and xNewsletter Vulnerabilities ( www.x-dev.de )
- Slrnpull Buffer Overflow (-d parameter)
- Snitz Forums 2000 remote SQL query manipulation vulnerability
- Snort exploits
- SOAP::Lite hole
- Solaris 2.6, 7, 8
- SPIKE version released that detects .HTR and ISAPI overflows (see spike.sourceforge.net)
- SQL injection in PHPGroupware
- Sudo version 1.6.6 now available (fwd)
- Summercon 2002 CFP
- SunSop: cross-site-scripting bug
- SuSE Security Announcement: radiusd-cistron (SuSE-SA:2002:013)
- SuSE Security Announcement: sudo (SuSE-SA:2002:014)
- SWS Vuln (small but important to those using it.)
- Taxonomies
- Tomcat 4.1 real path disclosure
- Tomcat real path disclosure (2)
- Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses
- TSLSA-2002-0046 - sudo
- TSLSA-2002-0047 - openssh
- Typsoft FTP Server: yet another directory traversal vulnerability
- Unauthorized remote control access to systems running Funk Softwa re's Proxy v3.x
- Using the backbutton in IE is dangerous
- Various Vulnerabilities in ZoneAlarm MailSafe
- VNC Security Bulletin - zlib double free issue (multiple vendors and versions)
- vqServer Demo Files Cross-Site Scripting
- Vulnerabilities in the Melange Chat Server
- Vulnerability in HP Photosmart/Deskjet Drivers for Mac OS X (root compromise)
- Vulnerability in PostCalendar
- Vulnerability: Windows2000Server running Terminalservices
- w00w00 on Microsoft IE/Office for Mac OS
- wbboard 1.1.1 Cross Site Scripting Vulnerability
- Webtrends Reporting Center Buffer Overflow (#NISR17042002C)
- Winamp: Mp3 file can control the minibrowser
- Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow
- Windows 2000 DCOM clients may leak sensitive information onto the network
- Windows 2000 Sec rollup 2 patch -- Ouch!
- XMB cross-scripting vulnerability
- Xpede many vulnerabilities
- Zope security address
- ç”å¤: An alternative method to check LKM bakdoor/rootki
Last message date: Thu Apr 10 2003 - 15:48:51 PDT
Archived on: Thu Apr 10 2003 - 15:48:53 PDT
385 messages sorted by:
[ author ]
[ date ]
[ thread ]
Other mail archives
This archive was generated by hypermail 2b30
: Thu Apr 10 2003 - 15:48:53 PDT