bugtraq 2002/07
By Subject
540 messages sorted by:
[ author ]
[ date ]
[ thread ]
Other mail archives
Starting: Mon Jul 01 2002 - 09:10:46 PDT
Ending: Tue Aug 06 2002 - 20:50:10 PDT
- 0815 ++ */ SEH_Web
- 26 June 2002 Cumulative Patch for Windows Media Player (Q320920)
- 5 bugs
- @stake Advisory: Multiple Vulnerabilities with Pingtel xpressa SIP Phones
- @stake Advisory: Norton Personal Internet Firewall HTTP Proxy Vulnerability
- [ADVISORY]: Arbitrary file disclosure vulnerability in Sympoll 1.2
- [AP] Oracle Reports Server Information Disclosure Vulnerability
- [CLA-2002:504] Conectiva Linux Security Announcement - apache
- [CLA-2002:505] Conectiva Linux Security Announcement - ethereal
- [CLA-2002:506] Conectiva Linux Security Announcement - squid
- [CLA-2002:507] Conectiva Linux Security Announcement - Resolver libraries
- [CLA-2002:512] Conectiva Linux Security Announcement - libpng
- [CLA-2002:513] Conectiva Linux Security Announcement - openssl
- [CORE-20020528] Multiple vulnerabilities in ToolTalk Database server
- [ESA-20020702-016] several vulnerabilities in the OpenSSH daemon
- [ESA-20020702-017] off-by-one in mod_ssl's configuration directive handling
- [ESA-20020724-018] Buffer overflow in BIND4-derived resolver code.
- [ESA-20020730-019] several vulnerabilities in the openssl library
- [Full-Disclosure] [ESA-20020730-019] several vulnerabilities in the openssl library
- [Full-Disclosure] Again NULL and addslashes() (now in 123tkshop)
- [Full-Disclosure] BadBlue - Unauthorized Administrative Command Execution
- [Full-Disclosure] BadBlue 302 Status Message XSS
- [Full-Disclosure] ezContents multiple vulnerabilities
- [Full-Disclosure] for the record... (Tru64 / Compaq)
- [Full-Disclosure] Geeklog XSS and CRLF Injection
- [Full-Disclosure] it's all about timing
- [Full-Disclosure] Netscape Communicator META Refresh Denial of Service
- [Full-Disclosure] OT: Snosoft vs HP
- [Full-Disclosure] Outlook Express Attachment Property Spoofing Vulnerabilities
- [Full-Disclosure] PHP Resource Exhaustion Denial of Service
- [Full-Disclosure] Pyramid BenHur Firewall active FTP portfilter ruleset results in a firewall leak
- [Full-Disclosure] REFRESH: EUDORA MAIL 5.1.1
- [Full-Disclosure] Security Update: [CSSA-2002-032.0] Linux: temporary file races in libmm
- [Full-Disclosure] Security Update: [CSSA-2002-033.0] Linux: multiple vulnerabilities in openssl
- [fw-wiz] The answer to the PIX encryption issue
- [Global InterSec 2002062801] OpenSSH challenge-response buffer overflow (Update)
- [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)
- [OpenPKG-SA-2002.007] OpenPKG Security Advisory (mm)
- [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl)
- [RHSA-2002:051-16] New Squid packages available
- [RHSA-2002:132-14] Updated util-linux package fixes password locking race
- [RHSA-2002:134-12] Updated mod_ssl packages available
- [RHSA-2002:139-10] Updated glibc packages fix vulnerabilities in resolver
- [RHSA-2002:153-07] Updated mm packages fix temporary file handling
- [RHSA-2002:155-11] Updated openssl packages fix remote vulnerabilities
- [SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability
- [SPSadvisory#48]RealONE Player Gold / RealJukebox2 Buffer Overflow
- [VulnWatch] 5 bugs
- [VulnWatch] KDE 2/3 artsd 1.0.0 local root exploit
- [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting
- Abyss Web Server version 1.0.3 shows file and directory content
- Acrobat reader 5.05 temp file insecurity
- Administrivia: Symantec acquiring SecurityFocus
- Advisory 02/2002: PHP remote vulnerability
- Again NULL and addslashes() (now in 123tkshop)
- AIM Exploit!!
- AIM forced behavior "issue"
- ALERT: Working Resources BadBlue #2 (DoS, Heap Overflow)
- Announcement: injectso-0.2
- ANNOUNCING: Debian GNU/Linux 3.0
- Announcing: The Zardoz 'Security Digest' Archives
- Apple OSX and iDisk and Mail.app
- Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta
- Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal
- asciiSECURE advisory (2002-07-17/1)
- BadBlue - Unauthorized Administrative Command Execution
- BadBlue 1.73 EXT.DLL XSS Variant
- BadBlue 302 Status Message XSS
- BIND 9.2.1 patch, multiple RR's for singleton types.
- BufferOverflow in OmniHTTPd 2.09
- Bug in Eupload
- bug in KSTAT
- CacheFlow CacheOS Cross-site Scripting Vulnerability
- Can anyone identify this backdoor?
- Cisco Security Advisory: Heap Overflow in Solaris cachefs Daemon
- Cisco Security Advisory: TFTP Long Filename Vulnerability
- Cisco VPN3000 gateway MTU overflow
- Cisco VPN3000 MTU overflow (fragmentation issue)
- Cobalt Qube 3 Administration page
- Code injection Vulnerability in endity.com's shoutBOX
- Comment on DMCA, Security, and Vuln Reporting
- CommuniGate Pro directory listings
- CORE-20020620: Inktomi Traffic Server Buffer Overflow
- cross-site scripting bug of Mailman
- CSS in blackboard
- Denial of Service bug in Pine 4.44
- Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1)
- Directory traversal vulnerability in sendform.cgi
- Domain password logon authentication bug in Windows 2000 Advanced Server Domain Controller
- Double Choco Latte multiple vulnerabilities
- Easy Guestbook Vulnerabilities
- Easy Homepage Creator Vulnerability
- Eat gopher!
- EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability
- Error in MS mail handler - noncritical but a problem
- Exploit for a security hole in the pickle module for Python versions <= 2.1.x
- Exploit for previously reported DoS issues in Shambala Server 4.5
- Exploit: TL003/Dot Bug = Reading Non-Parsable Files
- ezContents multiple vulnerabilities
- Fake Identd - Remote root exploit
- Falsifying a VeriSign Seal (Japan)
- FireDeamon exploit
- Forged FROM addresses/non-disclosed info in Outlook can lead to potential serious Social Attack
- Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd)
- Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd))
- Foundstone Advisory - Buffer Overflow in MyWebServer (fwd)
- Free BodyGuard Demo
- FreeBSD Security Advisory FreeBSD-SA-02:23.stdio [REVISED]
- FreeBSD Security Advisory FreeBSD-SA-02:29.tcpdump
- FreeBSD Security Advisory FreeBSD-SA-02:30.ktrace
- FreeBSD Security Advisory FreeBSD-SA-02:31.openssh
- FreeBSD Security Advisory FreeBSD-SA-02:32.pppd
- FreeBSD Security Advisory FreeBSD-SA-02:34.rpc
- ftp.bitchx.org's ircii-pana-1.0c19.tar.gz is backdoored
- Fwd: non-disclosed info in Outlook can lead to potential serious Social Attack.
- Geeklog XSS and CRLF Injection
- GLSA: OpenSSL
- Hoax Exploit
- Hoax Exploit (2c79cbe14ac7d0b8472d3f129fa1df55 RETURNS)
- Hosting Controller Vulnerability
- How to reproduce PHP segfault.
- HylaFAX - Various Vulnerabilities Fixed
- Icq 2001&2002 vulnerability
- ICQ and MSIE allow execution of arbitrary code
- IE allows universal Cross Domain Scripting (TL#003)
- Interface promiscuity obscurity in Linux
- iPlanet Remote File Viewing
- IPSwitch IMail Advisory #2
- IPSwitch IMail ADVISORY/EXPLOIT/PATCH
- IRIX DNS resolver vulnerability
- ISS Brief: Remote Buffer Overflow Vulnerability in Microsoft Exchange Server (fwd)
- It takes two to tango
- It takes two to tango (or samba for that matter)
- it's all about timing
- Java webstart also allows execution of arbitrary code
- KaZaa v1.7.1 Denial of Service Attack
- KDE 2/3 artsd 1.0.0 local root exploit
- KPMG-2002026: Jrun sourcecode Disclosure
- KPMG-2002028: Sitespring Server Denial of Service
- KPMG-2002029: Bea Weblogic Performance Pack Denial of Service
- KPMG-2002030: Watchguard Firebox Dynamic VPN Configuration Protocol DoS
- KPMG-2002031: Jigsaw Webserver Path Disclosure
- KPMG-2002032: Macromedia Sitespring Cross Site Scripting
- KPMG-2002033: Resin DOS device path disclosure
- KPMG-2002034: Jigsaw Webserver DOS device DoS
- Lil'HTTP Pbcgi.cgi XSS Vulnerability
- Linux kernel setgid implementation flaw
- Linux kernels DoSable by file-max limit
- LinuxSecurity Magazine Online - First Edition
- LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCAL ROOT EXPLOIT
- MacOS X SoftwareUpdate Vulnerability
- MailMax security advisory/exploit/patch
- MDKSA-2002:040-1 - openssh update
- MDKSA-2002:041 - kernel 2.2 and 2.4 updates
- MDKSA-2002:042 - LPRng updates
- MDKSA-2002:043 - bind update
- MDKSA-2002:044 - squid update
- MDKSA-2002:045 - mm update
- MDKSA-2002:046 - openssl update
- Medium security hole affecting W3Mail
- MERCUR Mailserver advisory/remote exploit
- MFC ISAPI Framework Buffer Overflow
- MFC Overflow Test Code
- Microsoft Security Bulletin MS02-032: 26 June 2002 Cumulative Patch for Windows Media Player (Q320920) (Version 2.0) (fwd)
- Microsoft Security Bulletin MS02-036: Authentication Flaw in Microsoft Metadirectory Services Could Allow Privilege Elevation (Q317138) (fwd)
- Microsoft Security Bulletin MS02-038: Cumulative Patch for SQL Server 2000 Service Pack 2 (Q316333) (fwd)
- Microsoft Security Bulletin MS02-039: Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875) (fwd)
- Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)
- Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
- Mozilla cookie stealing - Sandblad advisory #9
- Multiple Security Vulnerabilities in Sharp Zaurus
- Multiple vulnerabilities in atphttpd-0.4b
- Nanog traceroute format string exploit.
- New Paper: Microsoft SQL Server Passwords
- nn remote format string vulnerability
- Noguska Nola 1.1.1 [ Intranet Business Management Software ]
- Norton AV 2002 rewriting SMTP, breaking TLS
- Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow
- OpenSSL patches for other versions
- OpenSSL Security Altert - Remote Buffer Overflows
- OpenSSL Vulnerabilities
- Outlook Express Attachment Property Spoofing Vulnerabilities
- Outpost24 Advisory: Oddsock PlaylistGenerator Multiple BufferOverlow vulnerability
- Pablo Sofware Solutions FTP server Directory Traversal Vulnerability
- Parachat DoS Vulnerability
- Pegasus mail DoS
- PGP 7.04 Patch Modifies the Password Cache Setting
- Phenoelit Advisory #0815 ++-+ dp_300 (DLINK)
- Phenoelit Advisory #0815 +-+
- Phenoelit Advisory #0815 +--
- Phenoelit ADvisory 0815 ++ ** Ascend
- Phenoelit Advisory 0815 ++ -- Brick
- Phenoelit Advisory 0815 ++ /+ HP ProCurve
- Phenoelit Advisory 0815 ++ // Xedia
- Phenoelit Advisory, 0815 ++ * - Cisco_tftp
- phenoelit advisory, Brother Printers ++/-
- php dotProject by pass authentication
- PHP Resource Exhaustion Denial of Service
- PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
- PHPAuction bug
- phpBB/gender mod allows get admin privilege, exploit/patch
- PHRACK 59 OFFICIAL RELEASE
- Popcorn vulnerabilities
- Portcullis Security Advisory - Directory Traversal Vulnerability in SunPS iRunbook 2.5.2
- Portcullis Security Advisory - IIS Microsoft SMTP Service Encapsu lated SMTP Address Vulnerability
- Potential remote root in CodeBlue log scanner
- Pressing CTRL in IE is dangerous - Sandblad advisory #8
- Proof of Concept Code for OpenSSH
- PTL-2002-03 Betsie XSS Vuln
- pwc.20020630.nims_3.0.3_imapd.a
- pwc.20020630.nims_modweb.b
- Pyramid BenHur Firewall active FTP portfilter ruleset results in a firewall leak
- RAZOR advisory: Linux util-linux chfn local root vulnerability
- REFRESH: EUDORA MAIL 5.1.1
- Remote buffer overflow in resolver code of libc
- Remote Buffer Overflow Vulnerability in Sun RPC
- Remote DoS in AnlaogX SimpleServer:www 1.16
- Remote ICQ Sound Desactivation
- remote winamp 2.x exploit (all current versions)
- Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)
- Revised OpenSSH Security Advisory
- Security Advisory: Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
- Security Update: [CSSA-2002-031.0] Linux: mod_ssl off-by-one error
- Security Update: [CSSA-2002-032.0] Linux: temporary file races in libmm
- Security Update: [CSSA-2002-033.0] Linux: multiple vulnerabilities in openssl
- Security Update: [CSSA-2002-SCO.28] UnixWare 7.1.1 Open UNIX 8.0.0 : rpc.ttdbserverd file creation and deletion vulnerabilities
- Security Update: [CSSA-2002-SCO.31] UnixWare 7.1.1 Open UNIX 8.0.0 : Apache Web Server Chunk Handling Vulnerability / mod_ssl off-by-one error
- Security Update: [CSSA-2002-SCO.32] OpenServer 5.0.5 OpenServer 5.0.6 : Apache Web Server Chunk Handling Vulnerability / mod_ssl off-by-one error
- Security Update: [CSSA-2002-SCO.33] OpenServer 5.0.5 OpenServer 5.0.6 : timed does not enforce nulls
- Security Update: [CSSA-2002-SCO.34] OpenServer 5.0.5 OpenServer 5.0.6 : uux status file name buffer overflow
- Security Update: [CSSA-2002-SCO.35] OpenServer 5.0.5 OpenServer 5.0.6 : crontab format string vulnerability
- SECURITY.NNOV: multiple vulnerabilities in JanaServer
- Several problems in CARE 2002
- SGI Apache Web Server Chunk Handling vulnerability
- Sniffable Switch Project
- sparc exploit for known solaris 8 kcms_configure overflow
- SQL Server 2000 Buffer Overflows and SQL Inyection vulnerabilities.
- SQL Server 7 & 2000 Installation process and Service Packs write encoded passwords to a file
- SQL Server passwords
- Squid Security Update Advisory 2002:3
- SSH Protocol Trick
- Sun iPlanet Web Server Buffer Overflow (#NISR09072002)
- SunPCi II VNC weak authentication scheme vulnerability
- SuSE Security Announcement: mod_ssl, mm (SuSE-SA:2002:028)
- SuSE Security Announcement: openssh (SuSE-SA:2002:024)
- SuSE Security Announcement: openssl (SuSE-SA:2002:027)
- SuSE Security Announcement: Resolver (SuSE-SA:2002:026)
- SuSE Security Announcement: squid (SuSE-SA:2002:025)
- Sybase contact
- Technical Details of BadBlue EXT.DLL Vulnerability
- Technical Details of Urlcount.cgi Vulnerability
- The answer to the PIX encryption issue
- The SUPER Bug
- Three BadBlue Vulnerabilities
- Three problems in OpenSSH's ssh-keysign
- Tiny Software and Sygate contact
- Tivoli TMF Endpoint Buffer Overflow
- Tivoli TMF ManagedNode Buffer Overflow
- tru64 proof of concept /bin/su non-exec bypass
- TSLSA-2002-0061 - bind
- TSLSA-2002-0062 - squid
- TSLSA-2002-0063 - openssl
- TSLSA-2002-0064 - util-linux
- TZ Advisores - Buffer Overflow in IBM U2 UniVerse ODBC
- UnBodyGuard a.k.a Bouncer (Solaris kernel function hijacking) (fwd)
- Uninets StatsPlus 1.25 script injection vulnerabilities
- UT (and other game-servers) DDOS
- VMware GSX Server Remote Buffer Overflow
- VNC authentication weakness
- VU#197395 Microsoft IIS SMTP encapsulated e-mail address vulnerability - update
- Vulnerability found: Adobe Acrobat eBook Reader and Content Server
- Vulnerability found: The Adobe eBook Library
- Vulnerability: protected Adobe eBooks can be copied between computers
- warning
- WHERE'S THE CA$H: Internet Explorer 6.00. Outlook Express 6.00
- Wiki module postnuke Cross Site Scripting Vulnerability
- WINAMP also allows execution of arbitrary code (probably a lot more programs aswell)
- Windows mplay32 buffer overflow
- Worldspan DoS
- wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting
- wp-02-0008: Apache Tomcat Cross Site Scripting
- wp-02-0012: Carello 1.3 Remote File Execution
- wwwoffle-2.7b and prior segfaults with negative Content-Length value
- XSS Hole in Fluid Dynamics search Engine
- XSS in ht://Dig
- XSS in Slashcode
- XWT Foundation Advisory
- XWT Foundation Advisory: Firewall circumvention possible with all browsers
- ZyXEL Prestige Router Remote Node Filtering Vulnerability still present
Last message date: Tue Aug 06 2002 - 20:50:10 PDT
Archived on: Sat Apr 19 2003 - 06:16:05 PDT
540 messages sorted by:
[ author ]
[ date ]
[ thread ]
Other mail archives
This archive was generated by hypermail 2b30
: Sat Apr 19 2003 - 06:16:05 PDT