bugtraq 2002/05
By Subject
286 messages sorted by:
[ author ]
[ date ]
[ thread ]
Other mail archives
Starting: Wed May 01 2002 - 08:23:11 PDT
Ending: Sun Jun 02 2002 - 17:37:35 PDT
- "The Cross Site Scripting FAQ"
- (SSRT0822) Security Bulletin - Compaq & Java Proxy/VM Potential Security Vulnerabilities (fwd)
- *****SPAM***** Hosting Controller still have dangerous bugs!
- 14+ CGIscript.net scripts - Path Disclosure
- 1st Linux and Free Software Festival - Ankara 2002
- 2 security problem Quantum SNAP server
- [[ TH 026 Inc. ]] SA #3 - Shambala Server 4.5, Directory Traversal and DoS
- [CARTSA-20020402] Linux Netfilter NAT/ICMP code information leak
- [CLA-2002:477] Conectiva Linux Security Announcement - mod_python
- [CLA-2002:480] Conectiva Linux Security Announcement - tcpdump
- [CLA-2002:481] Conectiva Linux Security Announcement - imlib
- [CLA-2002:483] Conectiva Linux Security Announcement - dhcp
- [CLA-2002:487] Conectiva Linux Security Announcement - imap
- [CLA-2002:489] Conectiva Linux Security Announcement - mailman
- [CLA-2002:490] Conectiva Linux Security Announcement - mozilla
- [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd
- [DER ADV#8] - Local off by one in CVSD
- [Fwd: Updated version of SSH Secure Shell available]
- [GOBBLES] reflections on talkd hole
- [NGSEC-2002-2] ISC DHCPDv3, remote root compromise
- [RHSA-2002:047-10] Updated fetchmail packages available
- [RHSA-2002:062-08] Insecure DocBook stylesheet option
- [RHSA-2002:064-12] Updated Nautilus for symlink vulnerability writing metadata files
- [RHSA-2002:065-13] Updated sharutils package fixes uudecode issue
- [RHSA-2002:070-06] Updated mod_python packages available
- [RHSA-2002:070-08] Updated mod_python packages available
- [RHSA-2002:078-04] Updated mpg321 packages available
- [RHSA-2002:079-13] Updated Mozilla packages fix a security issue
- [RHSA-2002:081-06] perl-Digest-MD5 UTF8 bug results in incorrect MD5 sums
- [RHSA-2002:084-17] Updated nss_ldap packages fix pam_ldap vulnerability
- [RHSA-2002:086-05] Netfilter information leak
- [RHSA-2002:092-11] Buffer overflow in UW imap daemon
- [RHSA-2002:094-08] Updated tcpdump packages fix buffer overflow
- [security-intern] [securityat_private] FWD - GNU rm fileutils race condition problems on SuSE
- [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
- [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability #2
- [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability
- [SecurityOffice] Stronghold Secure Webserver Sample Script Path Disclosure Vulnerability
- [SNS Advisory No.48] Microsoft Internet Explorer Still Download And Execute ANY Program Automatically
- [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability
- [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability
- Addendum to advisory #NISR29052002 (JRun buffer overflow)
- addition: CVS off by one
- Administrivia
- ADVISORY: MSN Messenger OCX Buffer Overflow
- AIM+ SpyWare
- AMANDA security issues
- Announcing DEF CON 10!
- Another vulnerability in hosting controller
- ATMSNMPD Vulnerable but not Addressed
- b2 php remote command execution
- Beonex Communicator 0.8-pre based on Mozilla 1.0-branch released
- Bug in mnogosearch-3.1.19
- CAPZLOCK SECURITY ADVISORY NO. 1
- Catalyst 4000
- CGIscript.net - csPassword.cgi - Multiple Vulnerabilities
- Cisco ATA-186 admin password can be trivially circumvented
- Cisco IDS Device Manager 3.1.1 Advisory
- Cisco IOS ICMP redirect DoS
- Cisco IOS ICMP redirect DoS - Cisco's response
- Cisco Security Advisory: ATA-186 Password Disclosure Vulnerability
- Cisco Security Advisory: CBOS - Improving Resilience to DoS Attacks
- Cisco Security Advisory: Content Service Switch HTTP Processing Vulnerabilities
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco IP Telephones
- Cisco Security Advisory: NTP vulnerability
- Cisco Security Advisory: NTP vulnerability (fwd)
- Cisco Security Advisory: Transparent Cache Engine and Content Engine TCP Relay Vulnerability
- Classic Cross Site Scripting: Gibson Research Corporation
- cqure.net.20020408.netware_nwftpd.a
- cqure.net.20020412.bordermanager_36_mv1.a
- cqure.net.20020412.netware_client.a
- cqure.net.20020412.netware_sdmr.a
- CRLF Injection
- Cross Site Scripting Vulnerability in phpBB2's [IMG] tag and remote avatar
- cross-site scripting bug of ViewCVS
- dH team & SECURITY.NNOV: A variant of "Word Mail Merge" vulnerability
- dH team & SECURITY.NNOV: special device access, information leakage and DoS in Outlook Express
- Efficient Networks Contact info
- eSecurityOnline advisory 5063 - Sun AnswerBook2 gettransbitmap buffer overflow vulnerability
- eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy dis play name buffer overflow vulnerability
- Evolution of Cross-Site Scripting Attacks
- File Locking Local Denial of Service; Impact on sendmail
- FIRST 2002 reminder
- Fix for Mozilla XMLHttpRequest file disclosure vulnerability
- Flaw caused by default rulesets in many desktop firewalls under windows
- Foundstone Advisory - Buffer Overflow in Ipswitch Imail 7.1 and prior (fwd)
- FreeBSD Security Advisory FreeBSD-SA-02:23.stdio)
- FreeBSD Security Advisory FreeBSD-SA-02:24.k5su
- FreeBSD Security Advisory FreeBSD-SA-02:25.bzip2
- FreeBSD Security Advisory FreeBSD-SA-02:26.accept
- FreeBSD Security Advisory FreeBSD-SA-02:27.rc
- Fscan advisory (fwd)
- Fwd: [EXPL] Remote Exploit for UW-IMAPd Capability (IMAP4)
- Fwd: GOBBLES RESPONSE TO THE BLUE BOAR ("fixed version")
- Gafware's CFXImage vulnerability
- Gaim abritary Email Reading
- GNU rm fileutils race condition problems on SuSE
- GOBBLES SECURITY ADVISORY #33
- Grsecurity problem - modifying "read-only kernel"
- Hole in AOL Instant Messenger
- Honeynet Project -> The Reverse Challenge
- HP-UX security bulletins digest
- IE dot bug - Sandblad advisory #7
- Information Disclosure Vulnerability in IDS 0.8x
- Informix SE-7.25 /lib/sqlexec Vulnerability
- Intel D845HV/WN/PT series motherboard vulnerability
- irssi backdoored.
- ISS Alert: Microsoft SQL Spida Worm Propagation
- iXsecurity.20020404.4d_webserver.a
- KPMG-2002017: Snapgear Lite+ Firewall Denial of Service
- KPMG-2002018: Pointsec for PalmOS PIN disclosure
- LevCGI.coms NetPad 1.0.2 multiple vulnerabilities
- Linux kernel 2.4 "weak end host" issue (previously discussed here as "arp problem")
- Linux kernel 2.4 "weak end host" issue Explained
- Logitech Keyboard Insecurity
- Lysias Lidik Webserver suffers from a Directory Traversal Vulnerability
- Macromedia Flash Activex Buffer overflow
- Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)
- MatuFtpServer Remote Buffer Overflow and Possible DoS
- MDKSA-2002:030 - temporary fix for netfilter information leak
- MDKSA-2002:031 - fileutils update
- MDKSA-2002:032 - tcpdump update
- MDKSA-2002:033 - webmin update
- MDKSA-2002:034 - imap update
- MDKSA-2002:035 - perl-Digest-MD5 update
- MDKSA-2002:036 - fetchmail update
- MDKSA-2002:037 - dhcp update
- MDKSA-2002:037-1 - dhcp update
- Microsoft Active Directory security vulnerability
- Misformated message header causes msn messenger to crash
- Mnews 1.22 PoC exploit
- More ELF buggery...
- MS02-023 does not patch actual issue!
- Multiple Vulnerabilities in CISCO VoIP Phones
- Multiple Vulnerabilities in MDaemon + WorldClient
- Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
- Multiple vulnerabilities in QNX
- nCipher Security Advisory #3: MSCAPI CSP Install Wizard
- Nearly undocumented NT security feature - the solution to executable attachments?
- NetPad eq MALWARE, was: LevCGI.coms NetPad 1.0.2 multiple vulnerabilities
- Netscreen 25 unauthorised reboot issue
- Netstd 3.07-17 multiple remote buffer overflows
- New Macromedia Security Zone Bulletins Posted
- NOCC: cross-site-scripting bug
- NTFS and PGP interact to expose EFS encrypted data
- OpenBSD local DoS and root exploit
- OpenSSH 3.2.2 released (fwd)
- OpenSSH 3.2.3 released (fwd)
- Opera javascript protocoll vulnerability [Sandblad advisory #6]
- Opty-Way Enterprise includes MSDE with sa <blank>
- Patrol security bugs
- Phorum 3.3.2a has another bug for remote command execution
- Phorum 3.3.2a remote command execution
- pks public key server DOS and remote execution
- Plain Text Password Vulnerability in Winamp 2.80
- Possible Buffer Overflow in ACDSee 4.0
- Potential security issues in Ethereal
- Problems with various windows FTP servers
- ps under FreeBSD
- R7-0003: Nautilus Symlink Vulnerability
- Reading ANY local file in Opera (GM#001-OP)
- Remote quake 2 3.2x server cvar leak
- Reverse Challenge - Binary released
- route of #phrack is a funny man!
- SafeWeb Vulnerability - Fingerprinting Websites Using Traffic Analysis
- Scanners and unpublished vulnerabilities - Full Disclosure
- Security Implications of Novell eDirectory.
- Security Update: [CSSA-2002-018.1] Linux: REVISED: Race condition in fileutils
- Security Update: [CSSA-2002-020.0] Linux: icecast buffer overflows and denial-of-service
- Security Update: [CSSA-2002-021.0] Linux: imapd buffer overflow when fetching partial mailbox attributes
- Security Update: [CSSA-2002-022.0] Linux: OpenSSH ticket and token passing buffer overflow
- Security Update: [CSSA-2002-023.0] Linux: PHP multipart/form-data vulnerabilities
- Security Update: [CSSA-2002-SCO.17] OpenServer 5.0.5 : sar -o buffer overflow
- Security Update: [CSSA-2002-SCO.18] Open UNIX 8.0.0 UnixWare 7.1.1 : CDE /var/dt and subdirectories are writable by world
- Security Update: [CSSA-2002-SCO.19] OpenServer 5.0.5 OpenServer 5.0.6 : yppasswdd remotely exploitable buffer overflow
- Security Update: [CSSA-2002-SCO.20] OpenServer 5.0.5 OpenServer 5.0.6 : popper buffer overflow and denial-of-service
- Security Update: [CSSA-2002-SCO.21] OpenServer 5.0.5 OpenServer 5.0.6 : sort command creates temporary files insecurely
- Security Update: [CSSA-2002-SCO.22] OpenServer 5.0.5 OpenServer 5.0.6 : scoadmin command creates temporary files insecurely
- Security Update: [CSSA-2002-SCO.23] Open UNIX 8.0.0 UnixWare 7.1.1 : ftpd allows data connection hijacking via PASV mode
- SECURITY vulnerability in ECS-K7S5A(L) boards
- Security-risk on gridscan.com
- SRT Security Advisory (SRT2002-04-31-1159): Mnews
- Summercon 2002 Announce
- SuSE Security Announcement: dhcp/dhcp-server (SuSE-SA:2002:019)
- SuSE Security Announcement: imlib (SuSE-SA:2002:015)
- SuSE Security Announcement: lukemftp, nkitb, nkitserv (SuSE-SA:2002:018)
- SuSE Security Announcement: shadow (SuSE-SA:2002:017)
- SuSE Security Announcement: sysconfig (SuSE-SA:2002:016)
- SuSE Security Announcement: tcpdump/libpcap (SuSE-SA:2002:020)
- swatch bug in throttle
- To Provide a Patch or to Service Pack?
- TrendMicro Interscan VirusWall security problem
- Trojan/backdoor in fragroute 1.2 source distribution
- Two (2) Critical Path inJoin V4.0 Directory Server Issues
- Unfortunate interaction between EZMLM and MessageLabs virus scanning
- UPDATE (1-May-2002): Reading local files in Netscape 6 and Mozilla (GM#001-NS)
- Update and comments on the MS02-023 patch, holes still remain
- US TurboLinux Security Severely Out of Date
- Verisign PKI: anyone to subordinate CA
- VP-ASP shopping cart software.
- Vulnerability in 3Com® OfficeConnect® Remote 812 ADSL Router
- Vulnerability in Apache Tomcat v3.23 & v3.24
- Vulnerability in Apache Tomcat v3.23 & v3.24 (part 2)
- Vulnerability in Apache Tomcat v3.23 & v3.24 (part 3)
- Vulnerability in Novell Netware 5.0 (part 2)
- Vulnerability in Novell Netware 5.0 (part1)
- w00w00 on AOL Instant Messenger remote overflow #2
- wbbboard 1.1.1 registration _new_users_vulnerability_
- Windows 2000 Server IIS 5.0 .ASP Overflow Exploit
- wu-imap buffer overflow condition
- Xerox DocuTech problems
- XSS And Headers...
- Yahoo Messenger - Multiple Vulnerabilities
- YoungZSoft CMailServer overflow, PATCH + WAREZ!@#!
Last message date: Sun Jun 02 2002 - 17:37:35 PDT
Archived on: Sun Jun 02 2002 - 17:37:38 PDT
286 messages sorted by:
[ author ]
[ date ]
[ thread ]
Other mail archives
This archive was generated by hypermail 2b30
: Sun Jun 02 2002 - 17:37:38 PDT