bugtraq 2002/09
By Subject
353 messages sorted by:
[ author ]
[ date ]
[ thread ]
Other mail archives
Starting: Sat Aug 31 2002 - 22:08:28 PDT
Ending: Wed Oct 23 2002 - 14:00:38 PDT
- (Fwd) MSIEv6 % encoding causes a problem again
- **maillist:: Outlook S/MIME Vulnerability
- *sigh* Trillian multiple DoS's flaws.
- [CLA-2002:522] Conectiva Linux Security Announcement - mailman
- [CLA-2002:523] Conectiva Linux Security Announcement - util-linux
- [CLA-2002:524] Conectiva Linux Security Announcement - postgresql
- [CLA-2002:525] Conectiva Linux Security Announcement - kdelibs
- [CLA-2002:526] Conectiva Linux Security Announcement - xchat
- [Full-Disclosure] *sigh* Trillian multiple DoS's flaws.
- [Full-Disclosure] [RHSA-2002:036-26] Updated ethereal packages available
- [Full-Disclosure] [RHSA-2002:060-17] Updated Zope packages are available
- [Full-Disclosure] [RHSA-2002:096-24] Updated unzip and tar packages fix vulnerabilities
- [Full-Disclosure] [RHSA-2002:188-08] New wordtrans packages fix remote vulnerabilities
- [Full-Disclosure] [RHSA-2002:189-08] Updated gaim client fixes URL vulnerability
- [Full-Disclosure] [VulnWatch] MyNewsGroups :) XSS patch
- [Full-Disclosure] And Again. Trillian 'raw 221' Overflow.
- [Full-Disclosure] Bugtraq postings from non-members may disclose some list-member's addresses
- [Full-Disclosure] Compaq mount patch broken
- [Full-Disclosure] ht://Check XSS
- [Full-Disclosure] iDEFENSE OSF1/Tru64 3.x vuln clarification
- [Full-Disclosure] iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.
- [Full-Disclosure] Information Disclosure with Invision Board installation (fwd)
- [Full-Disclosure] IRIX default root umask and coredumps
- [Full-Disclosure] IRIX IGMP multicast report Denial of Service vulnerability
- [Full-Disclosure] JAWmail XSS
- [Full-Disclosure] Linux Slapper Worm code
- [Full-Disclosure] major vulnerability in IE 6 :-(
- [Full-Disclosure] MyNewsGroups :) XSS patch
- [Full-Disclosure] Remote detection of vulnerable OpenSSL versions
- [Full-Disclosure] SECNAP Security Alert: Radmin Default install options vulnerability
- [Full-Disclosure] Slapper worm redux;
- [Full-Disclosure] Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later
- [Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52
- [Full-Disclosure] Trillian .73 & .74 "PRIVMSG" Overflow.
- [Full-Disclosure] Yet Another. Trillian 'JOIN' Overflow.
- [Full-Disclosure] zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs Good, Flash Executable Bad]
- [LoWNOISE] "Get Knowledge" SunONE Starter Kit - Sun Microsystems/Astaware
- [security bulletin] SSRT-547 HP Tru64 UNIX Potential Security Vulnerabilities TPC/IP, FTPD, ARP (fwd)
- [security bulletin] SSRT2275 HP Tru64 UNIX - Potential Buffer Overflows & SSRT2229 Potential Denial of Service (fwd)
- [security bulletin] SSRT2310a HP Tru64 UNIX & HP OpenVMS Potential OpenSSL Security Vulnerability (fwd)
- [security bulletin] SSRT2362 WEBES Service Tools (HP Tru64 UNIX, HP OpenVMS, Windows) Potential File Access Vulnerability (fwd)
- [SECURITY] [DSA 149-2] New glibc packages fix
- [SECURITY] [DSA 159-2] New Python packages fix problem introduced by security fix
- [SECURITY] [DSA 160-1] New scrollkeeper packages fix insecure temporary file creation
- [SECURITY] [DSA 161-1] New Mantis package fixes privilege escalation
- [SECURITY] [DSA 162-1] New ethereal packages fix buffer overflow
- [SECURITY] [DSA 163-1] New mhonarc packages fix cross site scripting problems
- [SECURITY] [DSA 164-1] New cacti package fixes arbitrary code execution
- [SECURITY] [DSA 165-1] New PostgreSQL packages fix several vulnerabilities
- [SECURITY] [DSA 166-1] New purity packages fix potential buffer overflows
- [SECURITY] [DSA 167-1] New kdelibs fix cross site scripting bug
- [SECURITY] [DSA 168-1] New PHP packages fix several vulnerabilities
- [SECURITY] [DSA-136-2] Multiple OpenSSL problems (update)
- [SECURITY] [DSA-136-3] Multiple OpenSSL problems (update)
- [securitydigest.org]: Changes in August/September 2002
- [UPDATED] Advisory: Multiple 602Pro LAN SUITE 2002 Denial of Service Attacks
- [ut2003bugs] remote denial of service in ut2003 demo
- [VulnWatch] [LoWNOISE] "Get Knowledge" SunONE Starter Kit - Sun Microsystems/Astaware
- [VulnWatch] FVS318 Config stores usernames/passwd's in plain text
- [VulnWatch] IRIX default root umask and coredumps
- [VulnWatch] IRIX IGMP multicast report Denial of Service vulnerability
- [VulnWatch] Microsoft SQL Server Stored procedures [sp_MSSetServerPropertiesn and sp_MSsetalertinfo] (#NISR03092002A)
- [VulnWatch] MyNewsGroups :) XSS patch
- [VulnWatch] NSSI-2002-sygatepfw5: Sygate Personal Firewall IP Spoofing Vulnerability
- [VulnWatch] PHP fopen() CRLF Injection
- [VulnWatch] SECNAP Security Alert: Radmin Default install options vulnerability
- [VulnWatch] Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later
- [VulnWatch] Windows .NET Server (RC1) and MSDE (#NISR03092002B)
- advisory
- Advisory: File disclosure in DB4Web
- Advisory: TCP-Connection risk in DB4Web
- AFD 1.2.14 multiple local root compromises
- All versions of windows infected?
- Allot Netenforcer problems, GNU TAR flaw
- And Again. Trillian 'raw 221' Overflow.
- ANNOUNCE: Egads 0.9.5
- ANNOUNCE: RATS 2.0
- Another possible RFC 2046 vulnerability.
- Apache 2.0.(39|40) DOS (PHP!)
- Apple QuickTime ActiveX v5.0.2 Buffer Overrun (a091002-1)
- Buffer over/underflows in ssldump prior to 0.9b3
- Bug in Opera and Konqueror
- bugtraq.c httpd apache ssl attack
- Bypassing SMTP Content Protection )
- Bypassing SMTP Content Protection with a Flick of a Button
- Bypassing the Finjan SurfinGate URL filter
- Bypassing TrendMicro InterScan VirusWall
- CacheFlow CacheOS Cross-site Scripting Vulnerability
- Cacti security issues
- CanSecWest/core03
- Cisco Security Advisory: Cisco VPN 3000 Concentrator Multiple Vulnerabilities
- Cisco Security Advisory: Cisco VPN 5000 Client Multiple Vulnerabilities
- Cisco Security Advisory: Cisco VPN Client Multiple Vulnerabilities - Second Set
- Cisco Security Advisory: Microsoft Windows SMB Denial of Service Vulnerabilities in Cisco Products - MS02-045
- Cisco VPN 5000 client buffer overflow vulnerabilities.
- Cobalt 6.0 Local Root
- Compaq mount patch broken
- Cross-Site Scripting in Aestiva's HTML/OS
- ECHU Alert #2: IMG Attack in the news : 6 CMS vulnerables
- efstool slackware 7.1 local root exploit exploit included
- Errata: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv
- Execution Rights Not Checked Correctly For 16-bit Application s
- Execution Rights Not Checked Correctly For 16-bit Applications
- Final Speakers for HiverCon 2002 Announced
- Firewall-1 HTTP Security Server - Proxy vulnerability
- Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
- FreeBSD Security Advisory FreeBSD-SA-02:39.libkvm
- Fwd: QuickTime for Windows ActiveX security advisory
- GLSA: amavis
- GLSA: dietlibc
- GLSA: glibc
- GLSA: glibc (update)
- GLSA: scrollkeeper
- GLSA: tomcat
- Hacking Citrix Faq
- Hacking Citrix Faq (+DEF CON presentation)
- Hacking Citrix Faq (fwd)
- Happy Labor Day from Snosoft
- ht://Check XSS
- http://online.securityfocus.com/archive/1/291358/2002-09-08/2002-09-14/0, Subj: Norton AintiVirus 2001 POPROXY DoS
- iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities
- iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.
- iDEFENSE Security Advisory 09.23.2002: Directory Traversal in Dino's Webserver
- iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv
- iDEFENSE Security Advisory 09.30.2002: Buffer Overflow in WN Server
- IE6 SP1 Notes
- IE6 SSL Certificate Chain Verification
- IIL Advisory: Format String bug in Null Webmail (0.6.3)
- IIL Advisory: Reverse traversal vulnerability in Monkey (0.1.4) HTTP server
- IIL Advisory: Vulnerabilities in acWEB HTTP server
- IIL Advisory: Winamp 3 (1.0.0.488) XML parser buffer overflow vulnerability
- Information Disclosure with Invision Board installation (fwd)
- JAWmail XSS
- Jetty jsp/servlet engine xss / uname disclosure vuln
- joe editor backup problem
- JSP source code exposure in Tomcat 4.x
- KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability
- KDE Security Advisory: Secure Cookie Vulnerability
- Kondara MNU/Linux
- KPMG-2002035: IBM Websphere Large Header DoS
- KSTAT (and maybe others) bypass
- LEVERAGING CROSS-PROTOCOL SCRIPTING IN MSIE
- Linux Slapper Worm
- Lycos HTMLGear Guestbook Script Injection Vulnerability
- MDKSA-2002:054-1 - gaim update
- MDKSA-2002:057 - krb5 update
- MDKSA-2002:058 - kdelibs update
- MDKSA-2002:059 - php update
- Microsoft PPTP Server and Client remote vulnerability
- Microsoft SQL Server Stored procedures [sp_MSSetServerPropertiesn and sp_MSsetalertinfo] (#NISR03092002A)
- Microsoft Windows Remote Desktop Protocol checksum and keystroke vulnerabilities
- Microsoft Windows Terminal Services vulnerabilities
- Microsoft Windows XP Remote Desktop denial of service vulnerability
- Mozilla vulnerabilities, an update
- MS-02-052
- MSIEv6 % encoding - Konqueror 3.0.3 also vulnerable
- MSIEv6 % encoding causes a problem again
- Multiple NetBSD Security Advisories Released/Updated
- Multiple vulnerabilities in Avaya Argent Office
- MyNewsGroups :) XSS patch
- NetBSD Security Advisory 2002-006: buffer overrun in libc/libresolv DNS resolver
- NetBSD Security Advisory 2002-007: Repeated TIOCSCTTY ioctl can corrupt session hold counts
- NetBSD Security Advisory 2002-009:
- NetBSD Security Advisory 2002-010: symlink race in pppd
- NetBSD Security Advisory 2002-011: Sun RPC XDR decoder contains buffer overflow
- NetBSD Security Advisory 2002-012: buffer overrun in setlocale
- NetBSD Security Advisory 2002-013: Bug in NFS server code allows remote denial of service
- NetBSD Security Advisory 2002-014: fd_set overrun in mbone tools and pppd
- NetBSD Security Advisory 2002-017: shutdown(s, SHUT_RD) on TCP socket does not work as intended
- NetBSD Security Advisory 2002-018: Multiple security isses with kfd daemon
- NetBSD Security Advisory YYYY-NNN: {brief description of SA}
- NetGear FM114P URL filter bypassing vulnerability
- NetMeeting 3.01 Local RDS Session Hijacking
- New Paper: Threat profiling Microsoft SQL Server
- Next-hop scanning for open firewall ports
- nidump on OS X
- Norton AntiVirus 2001 POP3 Proxy local DoS
- Now Online: OWASP Guide to Building Secure Web Applications v1.1
- NSSI-2002-sygatepfw5: Sygate Personal Firewall IP Spoofing Vulnerability
- One step easier password guessing on Windows
- OpenSSH 3.4p1 Privsep
- OpenSSL worm in the wild
- OpenVMS POP server local vulnerability
- Outlook S/MIME Vulnerability
- Password Security Policy Question
- PHP fopen() CRLF Injection
- PHP header() CRLF Injection
- PHP source injection in phpWebSite
- PHP-Nuke x.x AND PostNuke SQL Injection
- PHP-Nuke x.x SQL Injection
- phpGB: cross site scripting bug
- phpGB: DoS and executing_arbitrary_commands
- phpGB: mysql injection bug
- PHPNUKE 6 XSS Vulnerabilities
- Planet Web Software Buffer Overflow
- Postnuke XSS issues
- Postnuke XSS issues [correction]
- Privacy leak in mozilla
- Protecting you wireless networks a bit more against wardrivers
- QT Assistant leaves port unfiltered
- Race condition in BRU Workstation 17.0
- Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs
- remote exploitable heap overflow in Null HTTPd 0.5.0
- remote SYSTEM compromise in WASD OpenVMS http server
- Roaring Penguin fixes for "Bypassing SMTP Content Protection with a Flick of a Button"
- SafeTP coughs up internal server IP addresses
- Savant 3.1 multiple vulnerabilities
- Scan against Enterasys SSR8000 crash the system
- SecuRemote usernames can be guessed or sniffed using IKE exchange
- Security Issue with Mac OS X
- Security side-effects of Word fields
- Security side-effects of Word fields)
- ShadowCon 2002
- Shana Informed 3.05 information disclosure
- slashdot / slashcode disclosing passwords
- Small bug crashes OE
- Small correction...
- Software Update Available for Legacy RapidStream Appliances and W atchGuard Firebox Vclass appliances
- Some unpatched vulnerabilities fixed
- SPIKE 2.6 Released...
- Squirrel Mail 1.2.7 XSS Exploit
- Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later
- SUMMARY: Disabling Port 445 (SMB) Entirely
- SuSE Security Announcement: heimdal (SuSE-SA:2002:034)
- SuSE Security Announcement: Slapper worm (SuSE-SA:2002:033)
- SuSE Security Announcement: xf86 (SuSE-SA:2002:032)
- Technical information about the vulnerabilities fixed by MS-02-52
- The Art of Unspoofing
- the attachement
- The ScrollKeeper Root Trap
- The Trivial Cisco IP Phones Compromise
- Trillian .73 & .74 "PRIVMSG" Overflow.
- Trillian .74 and below, ident flaw.
- trillian DoS: trillian 1.0 pro also vulnerable
- Trillian Remote DoS Attack - AIM
- Trillian weakly encrypts saved passwords
- tst attachment
- Unmask 1.0 Release Party at My House!
- UPDATE: (Was Veritas Backup Exec opens networks for NetBIOS based attacks?)
- Veritas Backup Exec opens networks for NetBIOS based attacks?
- Vulnerabilities in Microsoft's Java implementation
- Watchguard firewall appliances security issues
- Web browser certificate Validation flaw: Netscape, Mozilla, MSIE vulnerable - still?
- Who framed Internet Explorer (GM#010-IE)
- Who framed Internet Explorer and IE6 SP1
- Windows .NET Server (RC1) and MSDE (#NISR03092002B)
- Wireless Networking Frailty
- xbreaky symlink vulnerability
- Xoops RC3 script injection vulnerability
- Xoops RC3 script injection vulnerability fixed
- XSS bug in Monkey (0.5.0) HTTP server
- XSS bug in MyMarket 1.71
- XSS in Null HTTPd
- Yet another XSS vulnerability in PHP NUKE
- Yet Another. Trillian 'JOIN' Overflow.
- zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs Good, Flash Executable Bad]
Last message date: Wed Oct 23 2002 - 14:00:38 PDT
Archived on: Wed Oct 23 2002 - 14:00:40 PDT
353 messages sorted by:
[ author ]
[ date ]
[ thread ]
Other mail archives
This archive was generated by hypermail 2b30
: Wed Oct 23 2002 - 14:00:40 PDT