bugtraq 2002/11
By Subject
406 messages sorted by:
[ author ]
[ date ]
[ thread ]
Other mail archives
Starting: Fri Nov 01 2002 - 08:15:15 PST
Ending: Mon Dec 02 2002 - 10:19:16 PST
- 'Malicious-URL' Feature may be Circumvented Using IP Fragmentation
- (Correction) Netscreen SSH1 CRC32 Compensation Denial of service
- (MSIE) -"dialogArguments" (extended)
- (MSIE) when parent gives his son bad things ;) --"dialogArguments " again
- [A3SC] MS IIS out of process privilege elevation vulnerability(A3CR@K-Vul-2002-06-002)
- [Announce] AngeL v0.9.0
- [CLA-2002:544] Conectiva Linux Security Announcement - linuxconf
- [CLA-2002:545] Conectiva Linux Security Announcement - php4
- [CLA-2002:546] Conectiva Linux Security Announcement - bind
- [CLA-2002:547] Conectiva Linux Security Announcement - syslog-ng
- [CLA-2002:549] Conectiva Linux Security Announcement - dhcpcd
- [CLA-2002:550] Conectiva Linux Security Announcement - samba
- [ESA-20021114-029] BIND buffer overflow, DoS attacks.
- [ESA-20021122-030] local kernel vulnerabilities
- [ESA-20021122-031] php upgrade, security fixes
- [ESA-20021127-032] 'pine' version upgrade, security fixes.
- [Full-Disclosure] [ElectronicSouls] - BOOZT CGI Exploit
- [Full-Disclosure] [ESA-20021114-029] BIND buffer overflow, DoS attacks.
- [Full-Disclosure] [ESA-20021122-030] local kernel vulnerabilities
- [Full-Disclosure] [ESA-20021122-031] php upgrade, security fixes
- [Full-Disclosure] [ESA-20021127-032] 'pine' version upgrade, security fixes.
- [Full-Disclosure] [RHSA-2002:197-09] Updated glibc packages fix vulnerabilities in resolver
- [Full-Disclosure] [RHSA-2002:213-06] New PHP packages fix vulnerability in mail function
- [Full-Disclosure] [RHSA-2002:242-06] Updated kerberos packages available
- [Full-Disclosure] [RHSA-2002:262-07] New kernel fixes local denial of service issue
- [Full-Disclosure] [RHSA-2002:264-05] New kernel 2.2 packages fix local denial of service issue
- [Full-Disclosure] [RHSA-2002:266-05] New samba packages available to fix potential security vulnerability
- [Full-Disclosure] [VulnWatch] Weak Password Encryption Scheme in MS SQL Server
- [Full-Disclosure] [VulnWatch] XSS in Postnuke Rogue release (0.72)
- [Full-Disclosure] Apache Security Vulnerabilities on IRIX
- [Full-Disclosure] Bind 8 patches available
- [Full-Disclosure] Buffer Overflow in iSMTP Gateway
- [Full-Disclosure] Eudora 5.2 attachment spoof
- [Full-Disclosure] IRIX CDE ToolTalk rpc.ttdbserverd vulnerabilities
- [Full-Disclosure] IRIX lpd daemon vulnerabilities via sendmail and dns
- [Full-Disclosure] IRIX ToolTalk rpc.ttdbserverd vulnerabilities
- [Full-Disclosure] MS02-065 vulnerability
- [Full-Disclosure] Netscape Problems.
- [Full-Disclosure] Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.
- [Full-Disclosure] Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site
- [Full-Disclosure] Potential Denial of Service Vulnerability in IRIX RPC-based libc
- [Full-Disclosure] Security contact for SAP database
- [Full-Disclosure] Security Industry Under Scrutiny: Part One
- [Full-Disclosure] Security Industry Under Scrutiny: Part Two
- [Full-Disclosure] Security Update: [CSSA-2002-042.0] Linux: libpng progressive image loading vulnerabilities and other buffer overflows
- [Full-Disclosure] Security Update: [CSSA-2002-044.0] Linux: Preboot eXecution Environment (PXE) server denial-of-service attacks
- [Full-Disclosure] Security Update: [CSSA-2002-045.0] Linux: python insecure temporary files in os._execvpe
- [Full-Disclosure] Security Update: [CSSA-2002-046.0] Linux: buffer overflows and other security issues in squid
- [Full-Disclosure] Security Update: [CSSA-2002-047.0] Linux: KDE SSL and XSS vulnerabilities
- [Full-Disclosure] Security Update: [CSSA-2002-048.0] Linux: wwwoffled remote access vulnerability
- [Full-Disclosure] Security Update: [CSSA-2002-049.0] Linux: lynx CRLF injection vulnerability
- [Full-Disclosure] Security Update: [CSSA-2002-050.0] Linux: tcpdump denial-of-service in print-bgp.c
- [Full-Disclosure] Security Update: [CSSA-2002-051.0] Linux: fetchmail remote vulnerabilities in multidrop mode
- [Full-Disclosure] Security Update: [CSSA-2002-052.0] Linux: sendmail smrsh bypass vulnerabilities
- [Full-Disclosure] Security Update: [CSSA-2002-053.0] Linux: gv execution of arbitrary shell commands
- [Full-Disclosure] Security Update: [CSSA-2002-SCO.42] UnixWare 7.1.1 Open UNIX 8.0.0 : in.talkd format string vulnerabilities
- [Full-Disclosure] Update: iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability
- [Full-Disclosure] Weak Password Encryption Scheme in MS SQL Server
- [Full-Disclosure] XSS in Postnuke Rogue release (0.72)
- [Full-Disclosure] zlib vulnerability in JAVA on IRIX
- [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
- [LSD] Java and JVM security vulnerabilities
- [OpenBSD] [syslogd] false src-IP when logging to remote syslogd
- [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
- [OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba)
- [Sec-Tec Advisory] Local scripting vulnerability in phpBB
- [security bulletin] SSRT2265 HP TruCluster Server Interconnect Potential Security Vulnerability (fwd)
- [Security bulletin] SSRT2266 HP Tru64 UNIX IGMP Potential (DoS) Security Vulnerability (fwd)
- [security bulletin] SSRT2301 - HP Tru64 UNIX uudecode Potential Security Vulnerability (fwd)
- [security bulletin] SSRT2385 OSIS V5.4 LDAP Module for System Authentication Potential Security Vulnerability (fwd)
- [SECURITY] [DSA 186-1] New log2mail packages fix several vulnerabilities
- [SECURITY] [DSA 187-1] New Apache packages fix several vulnerabilities
- [SECURITY] [DSA 189-1] New luxman packages fix local root exploit
- [SECURITY] [DSA 191-1] New squirrelmail packages fix cross site scripting bugs
- [SECURITY] [DSA 191-2] New squirrelmail packages fix problem in options page
- [SECURITY] [DSA 192-1] New html2ps packages fix arbitrary code execution
- [SECURITY] [DSA 193-1] New klisa packages fix buffer overflow
- [SECURITY] [DSA 194-1] New masqmail packages fix buffer overflows
- [SECURITY] [DSA 195-1] New Apache-Perl packages fix several vulnerabilities
- [SECURITY] [DSA 197-1] New sqwebmail packages fix local information exposure
- [SECURITY] [DSA 199-1] New mhonarc packages fix cross site scripting
- [SECURITY] [DSA-190-1] buffer overflow in Window Maker
- [SECURITY] [DSA-196-1] New BIND packages fix several vulnerabilities
- [SecurityOffice] Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability
- [SNS Advisory No.58] Microsoft IIS Local Cross-site Scripting Vulnerability
- [tcpdump-announce] initial comments on trojan attack (fwd)
- [VulnWatch] 'Malicious-URL' Feature may be Circumvented Using IP Fragmentation
- [VulnWatch] (Correction) Netscreen SSH1 CRC32 Compensation Denial of service
- [VulnWatch] [A3SC] MS IIS out of process privilege elevation vulnerability(A3CR@K-Vul-2002-06-002)
- [VulnWatch] acFreeProxy Cross-Site Scripting Vulnerability/Possible DoS
- [VulnWatch] acFTP Authentication Issue
- [VulnWatch] Buffer Overflow in iSMTP Gateway
- [VulnWatch] ClearCase DoS vulnerabilty
- [VulnWatch] KeyFocus KF Web Server File Disclosure Vulnerability
- [VulnWatch] LiteServe Directory Index Cross-Site Scripting
- [VulnWatch] LiteServe URL Decoding DoS
- [VulnWatch] Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002)
- [VulnWatch] Netscreen Malicious URL feature can be bypassed by fragmenting the request
- [VulnWatch] Netscreen SSH1 CRC32 Compensation Denial of service
- [VulnWatch] Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
- [VulnWatch] Perception LiteServe HTTP CGI Disclosure Vulnerability
- [VulnWatch] Potential H.323 Denial of Service
- [VulnWatch] Predictable TCP Initial Sequence Numbers
- [VulnWatch] SFAD02-002: Calisto Internet Talker Remote DOS
- [VulnWatch] Weak Password Encryption Scheme in MS SQL Server
- [VulnWatch] XSS in Postnuke Rogue release (0.72)
- [VulnWatch] Zeroo Folder Traversal Vulnerability
- A technique to mitigate cookie-stealing XSS attacks
- Accesspoints disclose wep keys, password and mac filter (fwd)
- acFreeProxy Cross-Site Scripting Vulnerability/Possible DoS
- acFTP Authentication Issue
- AIM Bug
- Alert: Microsoft Security Bulletin - MS02-066
- Allied Telesyn switches & routers vulnerability
- Allot Netenforcer problems, GNU TAR flaw
- APBoard - post threads to protected forums and possibility to hijack forum-password
- arp spoofing defence
- ASI Sybase Security Alert: Buffer overflow in DBCC CHECKVERIFY
- ASI Sybase Security Alert: Buffer overflow in DROP DATABASE
- ASI Sybase Security Alert: Buffer overflow in xp_freedll
- BadBlue XSS/Information Disclosure Vulnerabilities
- benchmark tool for HTTP pages.
- Better security through shame
- Bind 8 bug experience
- bind 8 info update regarding ISS
- BIND Exploits
- bogofilter contrib/bogopass temp file vulnerability
- Buffalo AP Denial of Service
- Buffer Overflow in iSMTP Gateway
- Bug in EventSave
- Bug in Monkey Webserver 0.5.0 or minors versions
- Bypassing website filter in SonicWall
- CAIS-ALERT: Vulnerability in the sending requests control of BIND
- CERT Advisory CA-2002-32 Backdoor in Alcatel OmniSwitch AOS (fwd)
- Cisco PIX SSH/telnet dDOS vulnerability CSCdy51810
- Cisco Security Advisory: Cisco PIX Multiple Vulnerabilities
- ClearCase DoS vulnerabilty
- Clipboard in QNX Photon
- Code Injection in phpBB Advanced Quick Reply Mod
- Cracking OpenVMS passwords with John the Ripper
- Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software
- d_path() truncating excessive long path name vulnerability
- Default SNMP community in Surecom Broadband Router
- EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
- Eudora 5.2 attachment spoof
- Exploit code for IP Smart Spoofing
- Exploit for traceroute-nanog overflow
- File reading vulnerable in PHP and MySQL (Local Exploit)
- FreeBSD Security Advisory FreeBSD-SA-02:40.kadmind
- FreeBSD Security Advisory FreeBSD-SA-02:41.smrsh
- FreeBSD Security Advisory FreeBSD-SA-02:41.smrsh [REVISED]
- FreeBSD Security Advisory FreeBSD-SA-02:42.resolv
- FreeBSD Security Advisory FreeBSD-SA-02:43.bind
- FreeBSD Security Advisory FreeBSD-SA-02:43.bind [REVISED]
- FreeNews & News Evolution (PHP)
- Fresh hole in W3Mail (fwd)
- G-Con Announcement
- GLSA: apache
- GLSA: courier
- GLSA: gtetrinet
- GLSA: kdelibs
- GLSA: kdenetwork
- GLSA: kgpg
- GLSA: MailTools
- GLSA: php
- GLSA: samba
- GNU GCC: Optimizer Removes Code Necessary for Security
- Gnujsp and Domino R5.0.10
- Help Please
- How to execute programs with parameters in IE - Sandblad advisory #10
- i386 Linux kernel DoS
- i386 Linux kernel DoS (fixed)
- IceWarp 3.4.5 XSS *AGAIN*
- iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router
- iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
- iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability
- iDEFENSE Security Advisory 11.04.02b: Denial of Service Vulnerability in Xeneo Web Server
- iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
- iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server
- iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS
- iDEFENSE Security Advisory 11.11.02: Buffer Overflow in KDE resLISa
- iDEFENSE Security Advisory 11.19.02a: Denial of Service Vulnerability in Linksys Cable/DSL Routers
- iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability
- iDEFENSE Security Advisory 11.19.02c: Netscape Predictable Directory Structure Allows Theft of Preferences File
- IISPop remote DOS
- Immobilier 1 (PHP)
- Iomega NAS A300U security and inter-operability issues
- ion-p.exe allows Remote File Retrieving
- iPlanet WebServer, remote root compromise
- ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 and BIND8 (fwd)
- ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 andBIND8 (fwd)
- ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability (fwd)
- JSP processor 1.1 information disclosure
- KDE Security Advisory: resLISa / LISa Vulnerabilities
- KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability
- Kerberos login sniffer and cracker for Windows 2000/XP
- KeyFocus KF Web Server File Disclosure Vulnerability
- Lag Security Advisory - Com21 cable modem configuration file feeding vulnerability
- Latest libpcap & tcpdump sources from tcpdump.org contain a trojan
- Layer 2 Analysis of WLAN Discovery Applications for Intrusion Detection
- Linksys not fixed
- Linksys router vulnerability
- Linksys security contact
- LiteServe Directory Index Cross-Site Scripting
- LOM: Multiple vulnerabilities in Macromedia Flash ActiveX
- Lotus Domino HTTP Server security issue
- MailEnable POP3 Server remote shutdown !:/ -newest ~ (and previous) bufferoverflow-
- MDKSA-2002:075 - nss_ldap update
- MDKSA-2002:076 - perl-MailTools update
- MDKSA-2002:077 - bind update
- MDKSA-2002:079 - Updated kdelibs packages fix remote command execution vulnerabilites
- MDKSA-2002:080 - Updated kdenetwork packages fix remote command execution vulnerabilites
- MDKSA-2002:081 - Updated samba packages fix potential root compromise
- MDKSA-2002:082 - Updated python packages fix local arbitrary code execution vulnerability
- MDKSA-2002:083 - Updated sendmail packages fix smrsh insecurities
- Mindwall Project
- Moby NetSuite POST Denial of Service Vulnerability
- Motorola Cable Modem DOS
- MS02-064 fix time
- MS02-066 - fixes, gaps and incorrect statements
- Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002)
- Multiple incorrect permissions in QNX.
- Multiple phpNuke Modules Vulnerable to Cross-Site Scripting
- Multiple Vuln. in Hotfoon.com's Hotfoon4.exe dialer
- Multiple vulnerabilities in Tiny HTTPd
- NBActiveX Sure ActiveX Big Vulnerability
- NetBSD Security Advisory 2002-024: IPFilter FTP proxy
- Netscape 4 Java buffer overflow
- Netscape Problems.
- Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.
- Netscreen Malicious URL feature can be bypassed by fragmenting the request
- Netscreen SSH1 CRC32 Compensation Denial of service
- networking_utils.php
- NOVL-2002-2963651 - iManager (eMFrame) Buffer Overflow
- NOVL-2002-2963767 - Remote Manager Security Issue - eDir 8.6.2
- NOVL-2002-2963827 - Remote Manager Security Issue - NW5.1
- Office XP document numbers can be linked to individual machines
- On vulnerabilities in open and closed source products
- Open WebMail 1.71 "background" magic info
- Opera 7 vulnerabilities
- Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
- Oracle iSQL*Plus buffer Overflow..
- Oracle Security Contact
- patch for named buffer overflow now available (fwd)
- Perception LiteServe HTTP CGI Disclosure Vulnerability
- PHP-Nuke SQL Injection Vulnerability
- PlanetWeb Web Server Buffer Overflow in processing GET requests
- Potential H.323 Denial of Service
- Potential Vuln in McAfee VirusScan 451
- Predictable TCP Initial Sequence Numbers
- pWins Perl Web Server Directory Transversal Vulnerability
- QNX 6.1 TimeCreate weakness
- Remote Buffer Overflow vulnerability in Lib HTTPd.
- Remote Buffer Overflow vulnerability in Light HTTPd
- Remote Buffer Overflow vulnerability in Zeroo HTTP Server.
- Remote Frame Pointer Overwrite vulnerability in LIB CGI in Language C.
- Remote Heap malloc/free & multiple Overflow vulnerability in WSMP3.
- Remote Multiple Buffer Overflow(s) vulnerability in Libcgi-tuxbr.
- Remote pine Denial of Service
- Remote POST Buffer Overflow vulnerability in Pserv.
- RES: A technique to mitigate cookie-stealing XSS attacks
- RhinoSoft Serv-U FTP Anonymous Remote DoS Vulnerability
- Securing OWA on public computers.
- Security holes... Who cares?
- Security Patch for PortailPHP 0.99
- Security Update: [CSSA-2002-042.0] Linux: libpng progressive image loading vulnerabilities and other buffer overflows
- Security Update: [CSSA-2002-044.0] Linux: Preboot eXecution Environment (PXE) server denial-of-service attacks
- Security Update: [CSSA-2002-045.0] Linux: python insecure temporary files in os._execvpe
- Security Update: [CSSA-2002-046.0] Linux: buffer overflows and other security issues in squid
- Security Update: [CSSA-2002-047.0] Linux: KDE SSL and XSS vulnerabilities
- Security Update: [CSSA-2002-048.0] Linux: wwwoffled remote access vulnerability
- Security Update: [CSSA-2002-049.0] Linux: lynx CRLF injection vulnerability
- Security Update: [CSSA-2002-052.0] Linux: sendmail smrsh bypass vulnerabilities
- Security Update: [CSSA-2002-SCO.42] UnixWare 7.1.1 Open UNIX 8.0.0 : in.talkd format string vulnerabilities
- SFAD02-002: Calisto Internet Talker Remote DOS
- SnortCenter 0.9.5 temp file naming problems...
- Solaris priocntl exploit
- Sun Security Bulletin #00220
- SuSE Security Announcement: KDE lanbrowser vulnerability (SuSE-SA:2002:042)
- SuSE Security Announcement: Multiple vulnerabilities in BIND8 (SuSE-SA:2002:044)
- SuSE Security Announcement: perl-MailTools (SuSE-SA:2002:041)
- SuSE Security Announcement: pine (SuSE-SA:2002:046)
- SuSE Security Announcement: samba (SuSE-SA:2002:045)
- SuSE Security Announcement: SuSE-SA:2002:043 (traceroute-nanog/nkitb)
- tcpdump and libpcap
- Technical information about unpatched MS Java vulnerabilities
- TFTPD32 Buffer Overflow Vulnerability (Long filename)
- TFTPD32 Directory Traversal Vulnerability
- The Unix Auditor's Practical Handbook
- Timing the Application of Security Patches for Optimal Uptime
- TracerouteNG - never ending story
- TSLSA-2002-0077 - kernel
- TSLSA-2002-0080 - samba
- Update to LOM's advisory
- Update: iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability
- UPDATE: Linksys router vulnerability (add'l models affected)
- Updated ypserv packages fix memory leak
- User downgraded from Administrator to User retains the ability to list other user's running tasks
- vBulletin XSS Injection Vulnerability
- Vulnerability in Cutecast Forum v1.2
- Weak Password Encryption Scheme in Integrated Dialer
- Weak Password Encryption Scheme in MS SQL Server
- Web Server Creator - Web Portal 0.1 (PHP)
- WebChat for XOOPS RC3 SQL INJECTION
- Well known flaw in web cart software remains wide open
- When scrubbing secrets in memory doesn't work
- xoops Quizz Module IMG bug
- XOOPS WebChat module - patch UPDATE
- XSS bug in phpBB
- XSS bug in vBulletin
- XSS in Postnuke Rogue release (0.72)
- XSS vulnerability in Bugzilla if upgraded from 2.10 or earlier
- Yahoo Messenger: Invisible User Detect
- ZDnet forum: IE formatting local drive
- Zeroo Folder Traversal Vulnerability
- Zeus Admin Server v4.1r2 index.fcgi XSS bug
- ZoneEdit Account Hijack Vulnerability
Last message date: Mon Dec 02 2002 - 10:19:16 PST
Archived on: Mon Dec 02 2002 - 10:19:19 PST
This archive was generated by hypermail 2b30: Mon Dec 02 2002 - 10:19:19 PST