bugtraq 2002/08
By Subject
482 messages
Starting: Wed Jul 31 2002 - 22:55:14 PDT
Ending: Thu Sep 05 2002 - 08:52:08 PDT
- "August 2002 Cumulative Update For Internet Explorer (Q323759)" & IE6 SP1
- @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL
- @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL
- @(#)Mordred Labs advisory 0x0004: Multiple buffer overflows in PostgreSQL.
- @stake advisory: WS_FTP SITE CPWD Buffer Overflow vulnerability (a090902-1)
- [CLA-2002:515] Conectiva Linux Security Announcement - krb5
- [CLA-2002:516] Conectiva Linux Security Announcement - openssl
- [CLA-2002:519] Conectiva Linux Security Announcement - kde
- [ESA-20020807-020] ASN.1 vulnerability fix corrections
- [Full-Disclosure] [RHSA-2002:169-13] Updated ethereal packages are available
- [Full-Disclosure] Acrobat Reader symlink vulnerability on IRIX
- [Full-Disclosure] Additional bugs in gallery
- [Full-Disclosure] AOL Instant Messenger - Away Setting and Snoopers
- [Full-Disclosure] Apache 2.0 vulnerability affects non-Unix platforms
- [Full-Disclosure] BIND vulnerabilities in IRIX named
- [Full-Disclosure] Bulk Data Services (BDS) vulnerability on IRIX
- [Full-Disclosure] Clarification on Xitami DoS
- [Full-Disclosure] Cross-Site Scripting Attacks Possible At Multiple Webspace Providers
- [Full-Disclosure] Cross-Site Scripting Attacks Possible At Multiple Webspace Providers
- [Full-Disclosure] Cross-Site Scripting Issues in Falcon Web Server
- [Full-Disclosure] Eudora attachment spoof
- [Full-Disclosure] Exploits Contributor Program
- [Full-Disclosure] iDEFENSE Security Advisory: Cross-Site Scripting Vulnerabilities in Popular Web Applications
- [Full-Disclosure] iDEFENSE Security Advisory: iSCSI Default Configuration File Settings
- [Full-Disclosure] IMAP4rev1 2000.283 allows access to system files
- [Full-Disclosure] In regards to ... http://online.securityfocus.com/bid/5382
- [Full-Disclosure] iName/Mail.com security holes opens door to millions of e-mail accounts
- [Full-Disclosure] iPlanet vulnerabilities on IRIX
- [Full-Disclosure] IRIX ftpd minor vulnerabilities
- [Full-Disclosure] it's all about timing
- [Full-Disclosure] JanaWeb
- [Full-Disclosure] L-Forum Vulnerability - SQL Injection
- [Full-Disclosure] L-Forum XSS and upload spoofing
- [Full-Disclosure] Local Root Exploit
- [Full-Disclosure] MAC address change on SGI Origin 3000
- [Full-Disclosure] mantisbt security flaw
- [Full-Disclosure] more about IMAP
- [Full-Disclosure] More Evil from MS (fwd)
- [Full-Disclosure] More OmniHTTPd Problems
- [Full-Disclosure] MSN Groups makes cross site scripting easy
- [Full-Disclosure] Multiple Vulnerabilities in CafeLog Weblog Package
- [Full-Disclosure] Netscape JRE vulnerability on IRIX
- [Full-Disclosure] OmniHTTPd test.php Cross-Site Scripting Issue
- [Full-Disclosure] OmniHTTPd test.shtml Cross-Site Scripting Issue
- [Full-Disclosure] OpenSSL Vulnerabilities
- [Full-Disclosure] OT: Snosoft vs HP
- [Full-Disclosure] phpReactor - Cross-Site Scripting via STYLE
- [Full-Disclosure] Release : ComLog 1.0, a WIN32 command prompt logger
- [Full-Disclosure] rpc.pcnfsd vulnerabilities on IRIX
- [Full-Disclosure] Security Update: [CSSA-2002-034.0] Linux: buffer overflow in multiple DNS resolver libraries
- [Full-Disclosure] Security Update: [CSSA-2002-035.0] Linux: local off by one in cvsd
- [Full-Disclosure] Security Update: [CSSA-2002-SCO.28.1] UnixWare 7.1.1 Open UNIX 8.0.0 : REVISED: rpc.ttdbserverd file creation/deletion and buffer overflow vulnerabilities
- [Full-Disclosure] Security Update: [CSSA-2002-SCO.36] UnixWare 7.1.1 Open UNIX 8.0.0 : command line buffer overflow in ndcfg
- [Full-Disclosure] Security Update: [CSSA-2002-SCO.37] UnixWare 7.1.1 : buffer overflow in DNS resolver
- [Full-Disclosure] Security Update: [CSSA-2002-SCO.38] Open UNIX 8.0.0 UnixWare 7.1.1 : X server insecure popen and buffer overflow
- [Full-Disclosure] Sun RPC xdr_array vulnerability
- [Full-Disclosure] Sun RPC xdr_array vulnerability on IRIX
- [Full-Disclosure] Unchecked Buffer in Jana Web Server
- [Full-Disclosure] WorldView vulnerability on IRIX
- [Full-Disclosure] Xitami Connection Flood Server Termination Vulnerability
- [luca.ercoliat_private: DoS against mysqld]
- [Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis
- [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed
- [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation
- [Mantis Advisory/2002-04] Arbitrary code execution vulnerability in Mantis
- [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis
- [Mantis Advisory/2002-06] Private bugs accessible in Mantis
- [Mantis Advisory/2002-07] Bugs in private projects listed on 'View Bugs'
- [security bulletin] SSRT2275 HP Tru64 UNIX - Potential Buffer Overflows & SSRT2229 Potential Denial of Service (fwd)
- [SECURITY] [DSA 147-2] New mailman packages fix cross-site scripting problem
- [SECURITY] [DSA 156-1] New Light package fixes arbitrary script execution
- [SECURITY] [DSA 157-1] New irssi-text packages fix denial of service
- [SECURITY] [DSA 158-1] New gaim packages fix arbitrary program execution
- [SECURITY] [DSA 159-1] New Python packages fix insecure temporary file use
- [slackware-security] Security updates for Slackware 8.1
- [SNS Advisory No.55 rev.2] Eudora 5.x for Windows Buffer Overflow Vulnerability
- [SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability
- [UPDATED] Advisory: Multiple 602Pro LAN SUITE 2002 Denial of Service Attacks
- [VulnWatch] `admin' bug in upb
- [VulnWatch] Arbitrary Command Execution on Distributor SQL Server 2000 machines (#NISR22002002A)
- [VulnWatch] Arbitrary File Creation/Overwrite with SQL Agent Jobs (SQL 2000 and 7) (#NISR19002002A)
- [VulnWatch] Bulk Data Services (BDS) vulnerability on IRIX
- [VulnWatch] FUDforum file access and SQL Injection
- [VulnWatch] iDEFENSE Security Advisory: iSCSI Default Configuration File Settings
- [VulnWatch] iDEFENSE Security Advisory: Linuxconf locally exploitable buffer overflow
- [VulnWatch] L-Forum Vulnerability - SQL Injection
- [VulnWatch] Local Root Exploit
- [VulnWatch] Lynx CRLF Injection
- [VulnWatch] Microsoft Internet Explorer Legacy Text Control Buffer Overflow (#NISR26082002)
- [VulnWatch] Microsoft SQL Server 2000,7 OpenRowSet Buffer Overflow vulnerability (#NISR02072002)
- [VulnWatch] Microsoft SQL Server Agent Jobs Vulnerabilities (#NISR15002002B)
- [VulnWatch] Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A)
- [VulnWatch] More OmniHTTPd Problems
- [VulnWatch] MSN Groups makes cross site scripting easy
- [VulnWatch] Multiple Buffer Overflow vulnerabilities in SteelArrow (#NISR19082002B)
- [VulnWatch] Multiple Vulnerabilities in CafeLog Weblog Package
- [VulnWatch] new bugs in MyWebServer
- [VulnWatch] OmniHTTPd test.php Cross-Site Scripting Issue
- [VulnWatch] OmniHTTPd test.shtml Cross-Site Scripting Issue
- [VulnWatch] Oracle Listener Control Format String Vulnerabilities (#NISR14082002)
- [VulnWatch] RUS-CERT Advisory 2002-08:01: Incorrect integer overflow detection in C code
- [VulnWatch] RUS-CERT Advisory 2002-08:02: Flaw in calloc and similar routines
- [VulnWatch] SPIKE 2.5 and associated vulns
- [VulnWatch] Sun RPC xdr_array vulnerability on IRIX
- [VulnWatch] uuuppz.com - Advisory 002 - mIRC $asctime overflow
- [Ximian Updates] Hyperlink handling in Gaim allows arbitrary code to be executed
- `admin' bug in upb
- Abyss 1.0.3 directory traversal and administration bugs
- Accessing remote/local content in IE (GM#009-IE)
- Additional bugs in gallery
- Advisory: ArGoSoft Mail Server Pro 1.8.1.7 DoS
- Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities
- Advisory: DoS in WebEasyMail +more possible?
- Advisory: Multiple 602Pro LAN SUITE 2002 Denial of Service Attacks
- AOL Instant Messenger - Away Setting and Snoopers
- AOL Instant Messenger Heap Overflow
- Apache 2.0 vulnerability affects non-Unix platforms
- Apache 2.0.39 directory traversal and path disclosure bug
- Arbitrary code execution problem in Achievo
- Arbitrary Command Execution on Distributor SQL Server 2000 machines (#NISR22002002A)
- Arbitrary File Creation/Overwrite with SQL Agent Jobs (SQL 2000 and 7) (#NISR19002002A)
- Belkin F5D6130 Wireless Network Access Point SNMP Request Denial Of Service Vulnerability
- Blazix 1.2 jsp view and free protected folder access
- bugtraqat_private list issues [2]
- Bypassing cookie restrictions in IE 5+6
- CERN Proxy Server: Cross-Site Scripting Vulnerability
- Cisco IOS exploit PoC
- Cisco Security Advisory: Cisco Content Service Switch 11000 Series Web Management Vulnerability
- Cisco Security Advisory: Cisco VPN 5000 Series Concentrator RADIUS PAP Authentication Vulnerability
- Cisco Security Advisory: Cisco VPN Client Multiple Vulnerabilities
- Clarification on Xitami DoS
- code injection in gallery
- CodeCon 2003 Call for Papers
- Comment on DMCA, Security, and Vuln Reporting
- Comment on DMCA, Security, and Vuln Reporting]
- CORE-20020618: Vulnerabilities in Windows SMB (DoS)
- Cross-Site Scripting Attacks Possible At Multiple Webspace Providers
- Cross-Site Scripting Issues in Falcon Web Server
- CSS bug in Winamp
- Delete arbitrary files using Help and Support Center [MSRC 1198dg]
- DoS against mysqld
- EEYE: Macromedia Shockwave Flash Malformed Header Overflow
- EEYE: Sun(TM) ONE / iPlanet Web Server 4.1 and 6.0 Remote Buffer Overflow
- Enableing java logging in MSIE is dangerous
- ENTERCEPT RICOCHET ADVISORY: Multi-Vendor CDE ToolTalk Database Server Remote Buffer Overflow Vulnerability
- Eudora attachment spoof
- Exploiting the Google toolbar (GM#001-MC)
- FactoSystem CMS Contains Multiple Vulnerabilities
- Fate Research Labs Advisory: Retrieve SHOUTcast Admin Password Through GET /
- Formal Response to HP
- FreeBSD Security Advisory FreeBSD-SA-02:34.rpc
- FreeBSD Security Advisory FreeBSD-SA-02:34.rpc [REVISED]
- FreeBSD Security Advisory FreeBSD-SA-02:35.ffs
- FreeBSD Security Advisory FreeBSD-SA-02:36.nfs
- FreeBSD Security Advisory FreeBSD-SA-02:37.kqueue
- FreeBSD Security Advisory FreeBSD-SA-02:38.signed-error
- FUDforum file access and SQL Injection
- Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release
- GLSA: ethereal
- HiverCon 2002, Ireland - Earlybird registration now available
- IceWarp Webmail XSS
- iDEFENSE Security Advisory: iSCSI Default Configuration File Settings
- iDEFENSE Security Advisory: Linuxconf locally exploitable buffer overflow
- IE [with Google Toolbar installed] crash
- IE bug not fixed - update
- IE SSL Exploit
- IE SSL Vulnerability
- IE SSL Vulnerability (Konqueror affected too)
- Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG
- Incorrect Dichotomy - Was: It takes two to tango
- Information disclosure on mod_auth ( apache 1.3.26 ) ?
- Input validation attack in php-affiliate-v1.0
- Insufficient Verification of Client Certificates in IIS 5.0 pre sp3
- Internet explorer can read local files
- iPlanet vulnerabilities on IRIX
- IPSwitch IMail ADVISORY/EXPLOIT/PATCH
- IPv4 mapped address considered harmful
- It takes two to tango
- it's all about [timing] responsibility
- it's all about timing
- it's all about timing (wasn't that a John Denver song?)
- JanaWeb
- KDE Security Advisory: Konqueror SSL vulnerability
- kerberos rpc xdr_array
- Kerio Mail Server Multiple Security vulnerabilities
- Kerio Personal Firewall DOS Vulnerability
- L-Forum Vulnerability - SQL Injection
- L-Forum XSS and upload spoofing
- Lcc-win32 infos diffusion
- LG Electronics LG3001f router
- LG Electronics LG3100p router
- Light Security Advisory: Remotely-exploitable code execution
- List of mirrors carrying trojaned OpenSSH
- Lynx CRLF Injection
- Lynx CRLF Injection, part two
- Macromedia Flash plugin can read local files
- Macromedia Shockwave Flash Malformed Header Overflow
- Manipulating Microsoft SQL Server Using SQL Injection
- mantisbt security flaw
- MDKSA-2002:038-1 - bind update
- MDKSA-2002:046-1 - openssl update
- MDKSA-2002:047 - util-linux update
- MDKSA-2002:048 - mod_ssl update
- MDKSA-2002:049 - libpng update
- MDKSA-2002:050 - glibc update
- MDKSA-2002:051 - xchat update
- MDKSA-2002:052 - sharutils update
- MDKSA-2002:053 - xinetd update
- MDKSA-2002:054 - gaim update
- MDKSA-2002:055 - hylafax update
- Microsoft Internet Explorer 'Folder View for FTP sites' Script Execution vulnerability
- Microsoft Internet Explorer Legacy Text Control Buffer Overflow (#NISR26082002)
- Microsoft SQL Server 2000,7 OpenRowSet Buffer Overflow vulnerability (#NISR02072002)
- Microsoft SQL Server Agent Jobs Vulnerabilities (#NISR15002002B)
- Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A)
- Microsoft Terminal Server Client Buffer Overrun (A082802-1)
- MidiCart Shopping Cart Software database vulnerability
- MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin system
- More DBCC overruns SQL SEVER 2000
- More OmniHTTPd Problems
- More on Shatter
- More Vulnerabilities with Pingtel xpressa SIP-based IP phones
- Mozilla FTP View Cross-Site Scripting Vulnerability
- MS SQL Server Hello Overflow NASL script
- MSN Groups makes cross site scripting easy
- Multiple Buffer Overflow vulnerabilities in SteelArrow (#NISR19082002B)
- Multiple Cyan Chat Exploits
- Multiple security vulnerabilities inside Microsoft File Transfer Manager ActiveX control (<4.0) [buffer overflow, arbitrary file upload/download]
- Multiple Vulnerabilities in CafeLog Weblog Package
- nCipher Advisory #5: C_Verify validates incorrect symmetric signatures
- NetBSD Security Advisory 2002-009: Multiple vulnerabilities in OpenSSL code
- NetBSD Security Advisory 2002-010: symlink race in pppd
- NetBSD Security Advisory 2002-011: Sun RPC XDR decoder contains buffer overflow
- new bugs in MyWebServer
- New l2tpd release 0.68
- New SecurityFocus Lists
- Nmap 3.00 Released -- http://www.insecure.org/
- NOVL-2002-2961546 - SNMPv1 Trap and Request HandlingVulnerabilities
- NOVL-2002-2963081 - Novell iManager (eMFrame 1.2.1) DoS Attack
- NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability
- NOVL-2002-2963307 - PERL Handler Vulnerability
- NOVL-2002-2963349 - Rconag6 Secure IP Login Vulnerability - NW6SP2
- NOVL-2002-FAQ - Novell Security Alerts Facts Sheet
- NTFS Hard Links Subvert Auditing (A081602-1)
- OmniHTTPd test.php Cross-Site Scripting Issue
- OmniHTTPd test.shtml Cross-Site Scripting Issue
- OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers
- OpenBSD Security Advisory: Select Boundary Condition (fwd)
- OpenSSH Security Advisory: Trojaned Distribution Files
- openssh-3.4p1.tar.gz distribution recently trojaned
- OpenSSL Security Altert - Remote Buffer Overflows
- OpenSSL Vulnerabilities
- Opera FTP View Cross-Site Scripting Vulnerability
- Oracle Listener Control Format String Vulnerabilities (#NISR14082002)
- Origin of downloaded files can be spoofed in MSIE
- Phenoelit Advisory 0815 ++ -- Brick
- PHP-Nuke v5.6 - Users can compromise admin accts
- PHP-Nuke v5.6 - Users can compromise admin accts.
- PHP: Bypass safe_mode and inject ASCII control chars with mail()
- phpReactor - Cross-Site Scripting via STYLE
- possible exploit: D-Link DI-804 unauthorized DHCP release from WAN
- Potential issue with Ethereal
- REFRESH: EUDORA MAIL 5.1.1
- Remote Buffer Overflow Vulnerability in Sun RPC
- Repost: Buffer overflow in Microsoft DirectX Files Viewer xweb.ocx (<2,0,16,15) ActiveX sample
- RETRY : newly released winamp 3 fails to address serious "execution of arbitrary" code issue when combined with MSIE6
- RPC analysis
- rpc.pcnfsd vulnerabilities on IRIX
- SAME LADY, DIFFERENT DRESS: Internet Explorer 6
- SAP R/3 default password vulnerability
- Security Advisory: Raptor Firewall Weak ISN Vulnerability
- Security side-effects of Word fields
- Security Update 2002-08-02 for OpenSSL, Sun RPC, mod_ssl for OS X
- Security Update: [CSSA-2002-034.0] Linux: buffer overflow in multiple DNS resolver libraries
- Security Update: [CSSA-2002-035.0] Linux: local off by one in cvsd
- Security Update: [CSSA-2002-SCO.28.1] UnixWare 7.1.1 Open UNIX 8.0.0 : REVISED: rpc.ttdbserverd file creation/deletion and buffer overflow vulnerabilities
- Security Update: [CSSA-2002-SCO.36] UnixWare 7.1.1 Open UNIX 8.0.0 : command line buffer overflow in ndcfg
- Security Update: [CSSA-2002-SCO.37] UnixWare 7.1.1 : buffer overflow in DNS resolver
- Security Update: [CSSA-2002-SCO.38] Open UNIX 8.0.0 UnixWare 7.1.1 : X server insecure popen and buffer overflow
- SECURITY.NNOV: Windows 2000 system partition weak default permissions
- SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0
- SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0]
- SNMP vulnerability in AVAYA Cajun firmware
- Software vulnerability reporting survey
- Solaris 2.6-8 SPARC Telnetd Vulnerability
- SPIKE 2.5 and associated vulns
- ssh trojaned
- Subtle insinuations may be more than idle threats I'm afraid.
- SUMMARY: Disabling Port 445 (SMB) Entirely
- Sun AnswerBook2 format string and other vulnerabilities
- Sun RPC xdr_array vulnerability
- SuSE Security Announcement: glibc (SuSE-SA:2002:031)
- SuSE Security Announcement: i4l (SuSE-SA:2002:030)
- SWServer 2.2 directory traversal bug
- Terrible: Windows Media Player
- The Large-Scale Threat of Bad Data in DNS
- The SUPER bug
- Tiny Personal Firewall 3.0 Denial of Service Vulnerabilities
- Tiny3 vs Winhelp32 Bof
- TinySSL Vendor Statement: Basic Constraints Vulnerability
- ToorCon Call for Papers 5 Day Notice
- ToorCon Computer Security Conference 2002 Announcement
- trillian buffer overflow
- Trillian XML parser buffer overflow
- Trivial root compromise in Gateway GS-400 NAS Servers
- trojan horse in recent openssh (version 3.4 portable 1)
- TSLSA-2002-0067 - glibc
- Two more exploitable holes in the trillian irc module
- Unchecked Buffer in Jana Web Server
- uuuppz.com - Advisory 002 - mIRC $asctime overflow
- vulnerabilities in scponly
- Vulnerability in Oracle
- W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST)
- Weak MySQL Default Configuration on Windows
- Web Shop Manager Security Vulnerability
- Webmin Vulnerability Leads to Remote Compromise (RPC CGI)
- White paper: Exploiting the Win32 API.
- Win32 API 'shatter' vulnerability found in VNC-based products
- Windows 2000 Service Pack 3 now available.
- Windows SMB DoS - Proof of concept
- Winhelp32 Remote Buffer Overrun
- Xitami Connection Flood Server Termination Vulnerability
- Xprobe2 - Tool & Paper release
- Yahoo Messenger Install Secuirty
- Yet another SMB dos concept code
Last message date: Thu Sep 05 2002 - 08:52:08 PDT
Archived on: Thu Sep 05 2002 - 08:52:12 PDT
This archive was generated by hypermail 2b30: Thu Sep 05 2002 - 08:52:12 PDT